CVE-2025-40551

unknown KEV

Published 2026-02-03 · Modified 2026-02-03

CVSS v3

—

CVSS v2

—

VIR risk

1.5

Description

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

CISA KEV

Vendor: SolarWinds
Product: Web Help Desk
Due date: 2026-02-06

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40551 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40551

Exploits

References

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40551 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40551

Verify integrity in audit chain (admin only). AS-IS.