CVE-2024-52612: 
SolarWinds Platform vulnerability analysis and mitigation

CVE-2024-52612 is a reflected cross-site scripting vulnerability affecting the SolarWinds Platform. The vulnerability was discovered and disclosed on February 11, 2025, impacting SolarWinds Platform versions 2024.2.1 and older. The vulnerability stems from insufficient sanitation of input parameters and requires authentication by a high-privileged account to be exploitable (SolarWinds Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.8 (High) with the vector string CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The National Vulnerability Database (NVD) has assigned a slightly different CVSS score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (NVD).

The vulnerability could potentially allow an authenticated attacker with high privileges to execute cross-site scripting attacks against the SolarWinds Platform. This could lead to unauthorized access to sensitive information and potential system compromise within the scope of the affected application (SolarWinds Advisory).

SolarWinds has released version 2025.1 which contains fixes for this vulnerability. Users are advised to upgrade to this version to mitigate the risk (SolarWinds Release Notes).