A critical security flaw in Halo ITSM could have let attackers break in without logging in at all. Cybersecurity firm Assetnote recently disclosed a serious SQL injection vulnerability in the Halo ITSM platform, developed by UK-based vendor Halo. The bug allowed unauthenticated attackers to read, modify, or insert data in the application's backing database. It potentially put more than 1,000 cloud deployments at risk, along with on-premises installations reachable by insiders or by anyone already on the internal network.
Assetnote, a subsidiary of Searchlight Cyber that specialises in attack surface management, found the vulnerability in the Halo ITSM web interface. Because the injection could be triggered without credentials, the flaw was reachable by any attacker who could send requests to the application, making it a prime target for threat actors seeking a way into sensitive systems.
Halo ITSM is widely used by IT departments to manage support operations and is often connected to both internal tools and cloud providers. Because the ITSM database holds the configuration for those integrations, control over it could have led to much more than unauthorized access to ticket data: it could have extended to the systems Halo is wired into.
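The article does not publish the injection point, so the following is an added, generic illustration of the class of bug it describes, not Halo's code or Assetnote's payload. It uses an in-memory SQLite database with a constructed `tickets` table and a constructed `integrations` table (standing in for the stored integration credentials the article mentions), shows a ticket lookup built by string formatting that an unauthenticated caller can abuse to dump every ticket or to read credentials out of an unrelated table, and places the parameterised form beside it. Table names, column names and the sample rows are all assumptions made for this example.

```python
import sqlite3


def build_db():
    """Constructed sample database: two tickets and one stored integration secret."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE tickets(id INTEGER, ref TEXT, subject TEXT);
        CREATE TABLE integrations(name TEXT, api_key TEXT);
        INSERT INTO tickets VALUES (1, 'T-1001', 'Printer offline');
        INSERT INTO tickets VALUES (2, 'T-1002', 'VPN access request');
        INSERT INTO integrations VALUES ('cloud-provider', 'EXAMPLE-KEY-1234');
        """
    )
    return con


def lookup_ticket_vulnerable(con, ref):
    """Hypothetical vulnerable lookup: the caller-supplied ref is pasted into SQL text.

    Anything the caller sends becomes part of the query, so a quote character
    ends the string literal and the rest of the input is executed as SQL.
    """
    sql = f"SELECT ref, subject FROM tickets WHERE ref = '{ref}'"
    return con.execute(sql).fetchall()


def lookup_ticket_safe(con, ref):
    """Hardened lookup: the value travels as a bound parameter, never as SQL text."""
    return con.execute(
        "SELECT ref, subject FROM tickets WHERE ref = ?", (ref,)
    ).fetchall()


# Constructed payloads an unauthenticated caller might send as the ticket ref.
# The first turns the WHERE clause into a tautology and returns every ticket.
PAYLOAD_DUMP_ALL = "' OR '1'='1"
# The second appends a UNION that reads a different table entirely; the trailing
# comment marker swallows the closing quote the application adds.
PAYLOAD_READ_SECRETS = "' UNION SELECT name, api_key FROM integrations --"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, normal ref :", lookup_ticket_vulnerable(db, "T-1001"))
    print("vulnerable, dump all   :", lookup_ticket_vulnerable(db, PAYLOAD_DUMP_ALL))
    print("vulnerable, read secret:", lookup_ticket_vulnerable(db, PAYLOAD_READ_SECRETS))
    print("safe, normal ref       :", lookup_ticket_safe(db, "T-1001"))
    print("safe, dump all payload :", lookup_ticket_safe(db, PAYLOAD_DUMP_ALL))
```

With the parameterised query the same payloads are simply compared, as strings, against the `ref` column and match nothing. The vulnerable function also illustrates why a pre-authentication injection is so severe for an ITSM product: the attacker does not need a ticket, an account, or knowledge of the schema beyond what error messages and guesswork reveal, and once the query is under their control the reachable data is the whole database, not just the table the endpoint was meant to serve.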
Shubham Shah, SVP of Engineering and Research at Searchlight Cyber, had this to say:
“As an IT support tool, Halo often stores configuration files and credentials. A successful attacker could steal sensitive data, hijack integrated systems, or even grant themselves admin access.”
The security issue has now been patched. Halo released fixes in three new versions: 2.174.94 (stable), 2.184.23 (candidate), and 2.186.2 (beta). Organizations running on-premises instances are strongly urged to confirm the version they are actually serving and update to the fixed release for their branch immediately; a build older than the fixed version on its branch should be treated as exposed.
Even though this flaw has been resolved, Assetnote warns that Halo's platform has a wide attack surface, especially for attackers who hold valid credentials. Future post-authentication vulnerabilities could therefore still pose a risk, so account hygiene and monitoring of the application should not stop at applying this patch.
For security researchers and IT teams, Assetnote has released technical details of the SQL injection bug. The write-up helps organizations understand how the issue worked and what to look for when hardening their own systems.
With ITSM platforms like Halo deeply woven into corporate infrastructure, a single weakness can become a gateway to widespread compromise. It is a reminder that routine updates and proactive security checks are vital, especially for software that handles sensitive operational data and holds the credentials to other systems.