SECURITY ALERT

CVE-2025-26499, Wind River Studio Developer

Update 09/10/2025

SUMMARY

On July 24, 2025, a bug was reported in Wind River Studio Developer 24.11. A Wind River Studio Developer instance demonstrated instability issues while under extreme load. One symptom of this instability was the automatic refreshing of Pipeline Manager (PLM) pages (the pipeline run view or the pipeline run log view), with the user being redirected to the PLM Dashboard or to the Wind River Studio Developer (WRSD) login page. When this occurred, a user's session could be switched to the session of another logged-in user, giving that user access to the other user's current session. The impact is confined to Studio Developer environments; adjacent networks and environments are not impacted. The impact is also confined to the current session. Occurrence of the issue appears random, with no known way to intentionally trigger the event. Wind River PSIRT identified this as a medium-severity issue with a CVSS 3.1 score of 5.8.

Wind River Affected Products

Wind River Studio Developer, Version 24.11

Mitigation/Remediation Summary

The current recommended mitigation is to have users log out of their sessions and log back in when they experience instability issues.

The root cause has been determined, and a fix/remediation has been generated. The patch is now available in 25.05 patch 5. Wind River has created a CVE for this vulnerability: CVE-2025-26499.

Customer Guidance

For all customers, we recommend upgrading from Wind River Studio Developer 24.11 to Wind River Studio Developer 25.05 and applying all updates and patches.

https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2025-26499

Not Affected Products

Other Wind River products are not affected by this vulnerability.

Additional Resources

Please visit the Wind River Security Center for ongoing security updates:

Wind River Security Center