CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2025-40551

CVSS 9.8v3.1pub. 2026-01-28upd. 2026-02-04

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

🤖 AI Analysis
How it works

The vulnerability is classified as CWE-502 (Deserialization of Untrusted Data) and involves the application processing input data supplied by an attacker without proper verification of its security during deserialization. An attacker can craft a malicious payload and send it to the vulnerable endpoint without needing to possess any credentials. Processing such a payload leads to execution of arbitrary commands on the server hosting the application.

Impact

An attacker can gain the ability to execute arbitrary commands remotely on the server (RCE), which in practice means complete takeover of the system, including access to sensitive data, modification of resources, and potential lateral movement within the internal network.

Mitigation & patch

SolarWinds Web Help Desk should be updated immediately to version 2026.1 or later, in accordance with information contained in the official release notes and SolarWinds security bulletin. Due to active exploitation (CISA KEV), the update should be performed immediately. Until the patch is deployed, it is recommended to restrict access to the application only to trusted networks or IP addresses.

Who is affected

SolarWinds Web Help Desk — versions indicated in the vendor's references (patch available in WHD 2026.1 according to the vendor's release notes)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Solarwinds Web Help Desk

    APP
    Solarwinds
    < 2026.1

CISA KEV — detailsi

Vendori
SolarWinds
Producti
Web Help Desk
Added to KEVi
February 3, 2026
Remediation deadline (US Federal)i
February 6, 2026(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 6 lutego 2026
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2025-26399CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE przez deserializację AjaxProxy w SolarWinds Web Help Desk (nieuwierzytelniony)

CVE-2024-28987CRITICAL9.1⚠ KEVPL ✓ten sam produkt

SolarWinds Web Help Desk – hardcoded credential umożliwia zdalny dostęp

CVE-2024-28986CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE przez Java Deserialization w SolarWinds Web Help Desk

CVE-2025-40552CRITICAL9.8PL ✓ten sam produkt

SolarWinds Web Help Desk — pominięcie uwierzytelnienia (Auth Bypass)

CVE-2025-40553CRITICAL9.8PL ✓ten sam produkt

SolarWinds Web Help Desk — zdalne wykonanie kodu przez niebezpieczną deserializację