CVE-2025-40551

CRITICAL Actively Exploited

SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability

CVSS v3

9.8

CRITICAL

EPSS Score

86.7%

exploit probability

CISA KEV

No

known exploited

Exploitation

active

SSVC status

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Technical Details

CVSS v3 Vector
3.1
Published
1/28/2026
Last Modified
2/4/2026

Frequently Asked Questions

What is CVE-2025-40551?

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Is CVE-2025-40551 actively exploited?

Yes. CVE-2025-40551 has been observed in active exploitation according to SSVC analysis.

What is the CVSS score for CVE-2025-40551?

CVE-2025-40551 has a CVSS v3 base score of 9.8 (CRITICAL severity), with vector string 3.1.

Is CVE-2025-40551 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.

Check an IPSearch CVEs
Back to CVE Database