A critical vulnerability in SolarWinds Web Help Desk, identified as CVE-2025-40551, is being actively exploited in the wild, posing a significant threat to organizations using the software. This flaw, which has been assigned a CVSS score of 9.8, allows for remote code execution through untrusted data deserialization, enabling attackers to execute commands on the host machine without requiring authentication.
The vulnerability was publicly disclosed on January 28, 2026, and was quickly added to CISA's Known Exploited Vulnerabilities (KEV) catalog by February 3, 2026, underscoring the urgency of the threat. The Exploit Prediction Scoring System (EPSS) rates the likelihood of exploitation at 0.882, indicating a high probability of attacks. Indeed, attackers began exploiting the vulnerability within approximately 5.7 days of its disclosure, demonstrating the rapid weaponization of this flaw.
Security experts have confirmed the availability of at least one exploit, which further increases the risk for organizations that have not yet patched their systems. The vulnerability stems from a deserialization issue (CWE-502), a common vector for remote code execution attacks, particularly when input data is not properly validated.
Organizations using SolarWinds Web Help Desk are urged to apply patches immediately to mitigate the risk of exploitation. Given the critical nature of this vulnerability and its active exploitation, swift action is necessary to protect systems from potential compromise. Security teams should prioritize this patch as part of their vulnerability management processes to prevent unauthorized access and control of their systems.
CSURFACE