Cyber Resilience

CVE-2024-28988

Critical · RCE

Published: 01 September 2025

Modified: 14 November 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0726 (91.8th percentile)
Risk Priority: 24 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-28988 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in SolarWinds Web Help Desk. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 8.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

SolarWinds Web Help Desk contains a Java deserialization vulnerability that permits remote code execution on the underlying host. The flaw, tracked as CVE-2024-28988 and assigned CWE-502, received a CVSS v3.1 score of 9.8 and was identified by the Trend Micro Zero Day Initiative during follow-on research into an earlier issue.

An unauthenticated attacker can supply a malicious serialized Java object over the network to execute arbitrary commands without requiring credentials or user interaction. Successful exploitation grants full control of the host, including the ability to read, modify, or delete data and to pivot further into the environment.

SolarWinds has released Web Help Desk version 12.8.3 Hotfix 3, which customers are advised to apply immediately; the vendor’s advisory and support article detail the patch location and installation steps.

The associated EPSS score reached a peak of 0.1013 on 2026-03-31 before receding to its current value of 0.0726, indicating limited but observable post-disclosure interest that has since declined.


Vulnerability details

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research. We recommend all Web Help Desk customers apply the patch, which is now available. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.


Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059 · Command and Scripting Interpreter · Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

Unauthenticated RCE via deserialization in public-facing SolarWinds Web Help Desk directly enables T1190 for initial access and arbitrary command execution via T1059.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-26399 · Same product: SolarWinds Web Help Desk
CVE-2025-40551 · Same product: SolarWinds Web Help Desk
CVE-2025-40553 · Same product: SolarWinds Web Help Desk
CVE-2025-40554 · Same product: SolarWinds Web Help Desk
CVE-2025-40536 · Same product: SolarWinds Web Help Desk
CVE-2025-40552 · Same product: SolarWinds Web Help Desk
CVE-2025-40537 · Same product: SolarWinds Web Help Desk
CVE-2026-28299 · Same product: SolarWinds Web Help Desk
CVE-2025-40539 · Same product class: network monitoring / SIEM
CVE-2025-40540 · Same product class: network monitoring / SIEM

Affected Assets

solarwinds
web help desk
12.8.3 · ≤ 12.8.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2024-28988 by requiring timely remediation of the Java deserialization RCE flaw through application of the vendor patch WHD-12-8-3-Hotfix-3.

prevent

Prevents unauthenticated remote exploitation of the deserialization vulnerability by validating and sanitizing untrusted network inputs to reject malicious serialized objects.

prevent

Mitigates unauthenticated remote network access to the vulnerable SolarWinds Web Help Desk by enforcing boundary protections that limit exposure to external attackers.
