CVE-2025-40551 · CRITICAL 9.8 · CISA KEV · EPSS p99.7%

CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

SolarWinds / Web Help Desk

Description

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 84.13% probability of exploitation · percentile 99.7% · 2026-06-17T12:03:21Z
Published: 2026-01-28
Last modified: 2026-02-04

CISA KEV entry

Added to KEV: 2026-02-03

Underlying weaknesses · 1

CWE-502

References

  1. https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
  2. https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40551
  3. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40551

1

Type | Target | Confidence | Tier
Weakness | Deserialization of Untrusted Data (cwe-502) | 0% | live

(incoming) · 1

Type | Target | Confidence | Tier
KEVEntry | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability (kev-cve-2025-40551) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-40553
CVE: CVE-2025-40552
CVE: CVE-2025-40554
CVE: SolarWinds Web Help Desk Security Control Bypass Vulnerability
CVE: SolarWinds Web Help Desk Hardcoded Credential Vulnerability
CVE: Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.