Untrusted Data Deserialization Vulnerability in SolarWinds Web Help Desk
CVE-2025-40551

9.8CRITICAL

Key Information:

Vendor

Solarwinds
Status
Web Help Desk
Vendor
CVE Published:
28 January 2026

Badges

πŸ’° RansomwareπŸ‘Ύ Exploit Exists🟣 EPSS 78%πŸ¦… CISA ReportedπŸ“° News Worthy

What is CVE-2025-40551?

SolarWinds Web Help Desk is vulnerable to an untrusted data deserialization flaw that could permit remote code execution. This weakness can be exploited by attackers to execute arbitrary commands on the affected host without requiring authentication, leading to significant security risks for organizations using this software. It is crucial for users to apply security patches and updates to safeguard their systems from potential attacks.

CISA has reported CVE-2025-40551

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-40551 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Web Help Desk 12.8.8 HF1 and below

News Articles

favicon imageDark Reading

SolarWinds WHD Attacks Highlight Dangers of Exposed Apps

Organizations that have exposed their instances of Web Help Desk to the public Internet have inadvertently made them prime targets for attackers.

3 weeks ago

favicon imageThe Hacker News

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Microsoft links SolarWinds WHD exploits to RCE, lateral movement, and domain compromise in multi-stage attacks.

3 weeks ago

favicon imageThe Hacker News

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

CISA adds an actively exploited SolarWinds Web Help Desk RCE flaw to KEV, ordering federal agencies to patch by February 2026.

4 weeks ago

References

https://www.solarwinds.com/trust-center/security-advisori...
vendor-advisorypatch
https://documentation.solarwinds.com/en/success_center/wh...
release-notes

EPSS Score

78% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ’°

    Used in Ransomware

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ¦…

    CISA Reported

  • πŸ“°

    First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jimi Sebree working with Horizon3.ai
JSON
.