Threat Intelligence / CVE / CVE-2025-40551

CVE-2025-40551

CISA KEV

CVSS 9.8 (CRITICAL) · EPSS 89.9% · Published 2026-01-28

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-502

Threats tracking this CVE

SolarWinds Web Help Desk Deserialization RCE - CISA KEV — CRITICAL

References

https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40551
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40551

Full detection coverage & IOCs for threats exploiting CVE-2025-40551 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence