CVE-2024-28988
Published: 01 September 2025
Summary
CVE-2024-28988 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in SolarWinds Web Help Desk. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 7.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates CVE-2024-28988 by requiring timely remediation of the Java deserialization RCE flaw through application of the vendor patch WHD-12-8-3-Hotfix-3.
Prevents unauthenticated remote exploitation of the deserialization vulnerability by validating and sanitizing untrusted network inputs to reject malicious serialized objects.
Mitigates unauthenticated remote network access to the vulnerable SolarWinds Web Help Desk by enforcing boundary protections that limit exposure to external attackers.
NVD Description
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research. We recommend all Web Help Desk customers apply the patch, which is now available. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
Deeper analysis
CVE-2024-28988 is a Java Deserialization Remote Code Execution vulnerability (CWE-502) in SolarWinds Web Help Desk. The flaw enables an attacker to execute arbitrary commands on the affected host machine if successfully exploited. It was discovered by the Trend Micro Zero Day Initiative (ZDI) team during research into a prior vulnerability, where they identified an unauthenticated attack vector.
An unauthenticated attacker can exploit this vulnerability remotely over the network with low complexity and no user interaction required, as reflected in its critical CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation grants high-impact remote code execution, potentially compromising the host system.
SolarWinds advisories recommend that all Web Help Desk customers apply the available patch immediately, specifically WHD-12-8-3-Hotfix-3. The vendor thanks ZDI for coordinating responsible disclosure of this and other potential issues.
Details
- CWE(s)