CVE-2024-28988
Published: 01 September 2025
Summary
CVE-2024-28988 is a Deserialization of Untrusted Data (CWE-502) vulnerability in SolarWinds Web Help Desk with a CVSS v3.1 base score of 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 8.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
SolarWinds Web Help Desk contains a Java deserialization vulnerability that permits remote code execution on the underlying host. The flaw, tracked as CVE-2024-28988 and assigned CWE-502, received a CVSS v3.1 score of 9.8 and was identified by the Trend Micro Zero Day Initiative during follow-on research into an earlier issue.
An unauthenticated attacker can supply a malicious serialized Java object over the network to execute arbitrary commands without requiring credentials or user interaction. Successful exploitation grants full control of the host, including the ability to read, modify, or delete data and to pivot further into the environment.
SolarWinds has released Web Help Desk version 12.8.3 Hotfix 3, which customers are advised to apply immediately; the vendor’s advisory and support article detail the patch location and installation steps.
The associated EPSS score peaked at 0.1013 on 2026-03-31 and has since receded to 0.0726, indicating modest and declining predicted exploitation activity after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-26050
Vulnerability details
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research. We recommend all Web Help Desk customers apply the patch, which is now available. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated RCE via deserialization in a public-facing SolarWinds Web Help Desk instance maps directly to T1190 (Exploit Public-Facing Application) for initial access; the arbitrary command execution that follows maps to T1059 (Command and Scripting Interpreter).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mitigates CVE-2024-28988 by requiring timely remediation of the Java deserialization RCE flaw through application of the vendor patch WHD-12-8-3-Hotfix-3. Verify the installed Web Help Desk build after patching rather than relying on the deployment job having run.
- SI-10 (Information Input Validation): reduces the attack surface of the deserialization vulnerability by validating untrusted network inputs and rejecting serialized objects the application does not expect (in practice, allow-listing the classes that may be deserialized). Treat this as defence in depth behind the patch: validation cannot make deserialization of arbitrary attacker-controlled object graphs safe.
- SC-7 (Boundary Protection): mitigates unauthenticated remote network access to the vulnerable SolarWinds Web Help Desk by enforcing boundary protections that limit exposure to external attackers, for example by keeping the Web Help Desk interface off the public internet and reachable only from administrative networks or a VPN.
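The attack description in the deeper analysis (a malicious serialized Java object supplied over the network) and the SI-10 control above both turn on the same point: an ObjectInputStream that accepts any class on the classpath is a remote code execution primitive. As an added illustration, not SolarWinds code and not a description of how Web Help Desk or the hotfix is implemented, the following Java 9+ snippet shows the standard JEP 290 pattern: a default-deny ObjectInputFilter that allows only the classes a hypothetical endpoint expects (java.util.HashMap and java.lang.String, an assumed allow-list chosen for the example), enforces resource limits, and rejects everything else with InvalidClassException. The two sample payloads are constructed inline; java.util.Date stands in for any class the endpoint never expects.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/**
 * Illustrative allow-list deserialization filter (JEP 290). Example code only; it is not
 * SolarWinds code and does not describe how Web Help Desk handles serialized input.
 */
public final class AllowListDeserializer {

    // Hypothetical allow-list: the only classes this endpoint legitimately expects.
    private static final Set<String> ALLOWED = Set.of(
            "java.util.HashMap",
            "java.lang.String");

    /** Filter invoked by ObjectInputStream for every class, array and string it resolves. */
    static ObjectInputFilter allowListFilter() {
        return info -> {
            // Resource limits first: deep or huge graphs are a DoS vector even with safe classes.
            if (info.depth() > 8 || info.references() > 1_000 || info.arrayLength() > 10_000) {
                return ObjectInputFilter.Status.REJECTED;
            }
            Class<?> clazz = info.serialClass();
            if (clazz == null) {
                return ObjectInputFilter.Status.UNDECIDED; // invoked for limit checks only, no class to judge
            }
            // Arrays are reported as the array class; judge them by their component type.
            while (clazz.isArray()) {
                clazz = clazz.getComponentType();
            }
            if (clazz.isPrimitive() || ALLOWED.contains(clazz.getName())) {
                return ObjectInputFilter.Status.ALLOWED;
            }
            // Default deny: any class not on the list aborts the read with InvalidClassException.
            return ObjectInputFilter.Status.REJECTED;
        };
    }

    /** Deserializes data with the allow-list enforced; throws InvalidClassException on any other class. */
    public static Object readObjectFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(allowListFilter());
            return in.readObject();
        }
    }

    /** Helper to build the constructed sample payloads used in main(). */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input 1: the payload shape the hypothetical endpoint expects.
        Map<String, String> expected = new HashMap<>();
        expected.put("ticketId", "42");
        System.out.println("allowed: " + readObjectFiltered(serialize(expected)));

        // Constructed sample input 2: a class the endpoint never expects (stand-in for a gadget class).
        try {
            readObjectFiltered(serialize(new Date()));
            System.out.println("unexpected: Date was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same policy can be expressed declaratively with ObjectInputFilter.Config.createFilter("java.util.HashMap;java.lang.String;!*"), or process-wide with the jdk.serialFilter system property so that every ObjectInputStream in the JVM is covered rather than only the streams on which a filter is set. Either way the filter is defence in depth for code paths that must deserialize; it does not replace applying WHD-12-8-3-Hotfix-3.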