CVE-2025-40553 · CRITICAL 9.8 · EPSS p99.0%

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 60.39% probability of exploitation · percentile 99.0% · 2026-06-18T12:00:27Z
Published: 2026-01-28
Last modified: 2026-02-26

Underlying weaknesses · 1

CWE-502

References

  1. https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
  2. https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40553
  3. https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553/blob/main/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553.py

Type | Target | Confidence | Tier
Weakness | Deserialization of Untrusted Data cwe-502 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
  2. CVE: CVE-2025-40552
  3. CVE: CVE-2025-40554
  4. CVE: SolarWinds Web Help Desk Security Control Bypass Vulnerability
  5. CVE: SolarWinds Web Help Desk Hardcoded Credential Vulnerability
  6. CVE: Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.