Full Report
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is a untrusted data deserialization vulnerability that could pave the way for remote
Analysis Summary
# Vulnerability: Critical Deserialization Flaw in SolarWinds Web Help Desk Leading to RCE
## CVE Details
- CVE ID: CVE-2025-40551
- CVSS Score: 9.8 (Critical)
- CWE: Deserialization of Untrusted Data
## Affected Systems
- Products: SolarWinds Web Help Desk (WHD)
- Versions: Versions prior to 2026.1 which received fixes.
- Configurations: Not specified, but likely affects any deployed WHD instance.
## Vulnerability Description
This is a critical deserialization of untrusted data vulnerability within SolarWinds Web Help Desk. Successful exploitation could allow an unauthenticated attacker to execute arbitrary commands on the host machine leveraging remote code execution (RCE).
## Exploitation
- Status: Actively exploited in the wild (Added to CISA KEV catalog).
- Complexity: Implied Low, as exploitation can occur without prior authentication.
- Attack Vector: Network (Remote)
## Impact
- Confidentiality: High (Potential for data theft via RCE)
- Integrity: High (Ability to modify system files/settings via RCE)
- Availability: High (Ability to disrupt service or take down the host machine via RCE)
## Remediation
### Patches
- SolarWinds issued fixes for this flaw in **WHD version 2026.1**.
### Workarounds
- No specific workarounds were detailed in the provided article, immediate patching is the recommended path due to active exploitation.
## Detection
- **Indicators of Compromise (IoCs):** Not publicly detailed in the source, but defenders should monitor network traffic and system logs for unexpected command executions or outbound connections originating from the affected WHD server post-patch issuance.
- **Detection Methods and Tools:** Monitor endpoints for execution of anomalous processes tied to SolarWinds WHD service accounts.
## References
- Vendor Advisory (Fix issued): `https://thehackernews.com/2026/01/solarwinds-fixes-four-critical-web-help.html`
- CISA KEV Catalog Addition: `https://www.cisa.gov/news-events/alerts/2026/02/03/cisa-adds-four-known-exploited-vulnerabilities-catalog`