Skip to content
Security Alerts

CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This co...

Marcin Godula Marcin Godula

Summary

ParameterValue
CVE IDCVE-2025-40551
Alert SourceCISA KEV - Active Exploitation
CVE Publication Year2025
Date Published2026-02-03
VendorSolarWinds
ProductWeb Help Desk
CVSS Score9.8 (critical)
EPSS Score1.0% (percentile: 77%)
CISA KEVYes - confirmed active exploitation
RansomwareNot confirmed
Remediation Deadline2026-02-06

Vulnerability Description

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Required Actions

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Who Is Affected?

This vulnerability affects Web Help Desk by SolarWinds. Check if your organization uses this software and requires updates.

Sources

Need help securing your systems? nFlo team offers vulnerability management and 24/7 SOC services. Contact us.

Tags:

cve-2025-40551 critical solarwinds cisa-kev vulnerability

Share:

Talk to an expert

Have questions about this topic? Get in touch with our specialist.

Product Manager
Grzegorz Gnych

Grzegorz Gnych

Sales Representative

+48 664 003 003grzegorz.gnych@nflo.pl
Response within 24 hours
Free consultation
Individual approach

Providing your phone number will speed up contact.

Want to Reduce IT Risk and Costs?

Book a free consultation - we respond within 24h

Response in 24h Free quote No obligations
Book a Call +48 22 487 86 36

Or download free guide:

Download NIS2 Checklist