
Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

PUBLISHED Reserved 2025-04-16 | Published 2026-01-28 | Updated 2026-01-29 | Assigner SolarWinds




CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-502 Deserialization of Untrusted Data

Product status

Default status: affected

12.8.8 HF1 and below: affected

Credits

Piotr Bazydlo working with watchTowr (reporter)

References

www.solarwinds.com/...ter/security-advisories/CVE-2025-40553

documentation.solarwinds.com/...whd_2026-1_release_notes.htm (release-notes)

cve.org (CVE-2025-40553)

nvd.nist.gov (CVE-2025-40553)
