CVE-2025-40551
Published: 28 January 2026
Summary
CVE-2025-40551 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Solarwinds Web Help Desk. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 0.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 mandates timely identification, reporting, and correction of software flaws like this untrusted deserialization vulnerability through vendor patches such as SolarWinds Web Help Desk 2026.1.
SI-10 requires validation of input format, type, and content, directly preventing exploitation of untrusted data deserialization by rejecting malicious payloads.
RA-5 ensures vulnerability scanning identifies critical issues like CVE-2025-40551 in SolarWinds Web Help Desk, enabling prioritization for remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Untrusted data deserialization vulnerability in SolarWinds Web Help Desk enables unauthenticated remote code execution over the network in a public-facing web application, directly mapping to T1190: Exploit Public-Facing Application.
NVD Description
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Deeper analysisAI
CVE-2025-40551 is an untrusted data deserialization vulnerability (CWE-502) affecting SolarWinds Web Help Desk. Published on January 28, 2026, it enables remote code execution (RCE), allowing attackers to run arbitrary commands on the host machine. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact on confidentiality, integrity, and availability.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants full control over the affected host, potentially leading to complete system compromise, data theft, or further lateral movement within the environment.
SolarWinds has published mitigation details in their security advisory at https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40551 and Web Help Desk 2026.1 release notes at https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm, which include patches addressing the issue. The vulnerability is also listed in CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40551, urging federal agencies to apply mitigations promptly.
Details
- CWE(s)
- KEV Date Added
- See CISA KEV catalog