- Last update: 04/02/2026
- Affected software:
→ SolarWinds Web Help Desk <= 12.8.8 HF1
- Type: CWE-502 - Deserialization of Untrusted Data
- CVE/CVSS
→ CVE-2025-40551: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
SolarWinds advisory - https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40551
A publicly exposed instance of SolarWinds Web Help Desk can be fully compromised by an attacker. Systems running this software are at risk of data theft and of loss of data integrity and confidentiality. Attackers can exploit this vulnerability to gain unauthorized access to a corporate network, which may allow them to compromise other interconnected devices. Attackers will target this vulnerability to gain initial access into a corporate environment.
CVE-2025-40551 is an untrusted deserialization vulnerability in the SolarWinds Web Help Desk software. User input that is not properly sanitized can lead to unauthorized code being executed on the targeted device. A compromised host can be used by an attacker to pivot onto other machines. Attackers will exploit this vulnerability to gain initial access to a host or the local network.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
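To prioritise patching, an asset inventory can be checked against the affected range stated above (<= 12.8.8 HF1). The following is an added example, not code from the CCB or SolarWinds: the function names, hostnames and inventory values are constructed, and it assumes version strings of the form `12.8.8 HF1`. Entries it cannot parse are returned for manual review instead of being treated as safe.

```python
import re

# Upper bound of the affected range as stated in this advisory.
AFFECTED_MAX = "12.8.8 HF1"

# Assumed format: dotted numeric version, optional "HF<n>" hotfix suffix.
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)(?:\s*(?:HF|Hotfix)\s*(\d+))?\s*$", re.I)

def parse_version(text):
    """Return (numeric_tuple, hotfix_number); no hotfix suffix counts as 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(p) for p in m.group(1).split("."))
    return numbers, int(m.group(2)) if m.group(2) else 0

def is_affected(version, affected_max=AFFECTED_MAX):
    """True when version <= affected_max, comparing release first, then hotfix."""
    nums, hf = parse_version(version)
    max_nums, max_hf = parse_version(affected_max)
    width = max(len(nums), len(max_nums))
    pad = lambda t: t + (0,) * (width - len(t))  # so "12.9" compares as 12.9.0
    return (pad(nums), hf) <= (pad(max_nums), max_hf)

def triage(inventory):
    """Split {host: version} into sorted affected / not_affected / review lists."""
    result = {"affected": [], "not_affected": [], "review": []}
    for host, version in inventory.items():
        try:
            key = "affected" if is_affected(version) else "not_affected"
        except ValueError:
            key = "review"  # unknown version: never assume it is patched
        result[key].append(host)
    return {k: sorted(v) for k, v in result.items()}

# Constructed sample inventory (hypothetical hosts and version values).
SAMPLE_INVENTORY = {
    "helpdesk-01": "12.8.8 HF1",
    "helpdesk-02": "12.8.7 HF3",
    "helpdesk-03": "12.8.8 HF2",
    "helpdesk-04": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```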
Monitor/Detect
The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.