Critical unauthenticated remote code execution vulnerability in SolarWinds Web Help Desk via untrusted data deserialization. Actively exploited in the wild with no authentication required.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2026-01-28
Added to CISA KEV: 2026-02-03 6 DAYS BETWEEN CVE AND KEV
Actively exploited.CVE-2025-40551 demonstrates that attackers can still reliably reach dangerous code paths without authentication, despite multiple remediation attempts. Because Web Help Desk is commonly deployed as an internal IT management system, compromise has an outsized impact. Successful exploitation gives attackers access to IT workflows, credentials, configuration data, and systems used for identity and access administration.
CVE-2025-40551: Another Solarwinds Web Help Desk Deserialization Issue. January 28, 2026 | Attack Blogs, Attack Research.These vulnerabilities are easily exploitable and enable unauthenticated attackers to achieve remote code execution on vulnerable Solarwinds Web Help Desk instances. Solarwinds has stated that these issues are patched in Web Help Desk version 2026.1, and we encourage all users to upgrade as soon as possible.
While more targeted in scope, successful exploitation could still allow unauthorized access to sensitive functionality and be used as a stepping stone for further attacks. The fourth critical flaw, tracked as CVE-2025-40551, was found by Jimi Sebree of Horizon3.ai and affects SolarWinds Web Help Desk through the deserialization of untrusted data.
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.How to use the KEV ...
Learn about the importance of CISA's Known Exploited Vulnerability (KEV) catalog and how to use it to help build a collective resilience across the cybersecurity community.