Cyber Posture

CVE-2025-40553

Critical · RCE

Published: 28 January 2026

Modified: 26 February 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1736 (95.1th percentile)
Risk Priority: 30 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-40553 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in SolarWinds Web Help Desk. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 4.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Requires timely flaw remediation through patching the specific untrusted deserialization vulnerability as addressed in SolarWinds Web Help Desk 2026.1.

prevent: Mandates validation of untrusted inputs prior to deserialization, directly preventing exploitation of CWE-502 leading to RCE.

prevent: Enforces boundary protection to restrict network access to the unauthenticated Web Help Desk service, blocking remote exploitation attempts.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Untrusted data deserialization in SolarWinds Web Help Desk enables unauthenticated remote code execution over the network in a public-facing web application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Deeper analysis [AI]

CVE-2025-40553 is an untrusted data deserialization vulnerability (CWE-502) in SolarWinds Web Help Desk that enables remote code execution. Published on 2026-01-28, it allows attackers to run arbitrary commands on the host machine and carries a critical CVSS score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

The vulnerability can be exploited remotely over the network with low complexity and without authentication or user interaction by any attacker who can reach the affected Web Help Desk instance. Successful exploitation provides high-impact remote code execution on the server, potentially compromising confidentiality, integrity, and availability of the host system.

SolarWinds addresses the issue in its security advisory at https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40553 and Web Help Desk 2026.1 release notes at https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm. A proof-of-concept exploit script for this CVE and CVE-2025-40552 is publicly available on GitHub at https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553/blob/main/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553.py.

Details

CWE(s)

Affected Products

solarwinds web help desk ≤ 2026.1

CVEs Like This One

CVE-2025-26399 · Same product: SolarWinds Web Help Desk
CVE-2025-40551 · Same product: SolarWinds Web Help Desk
CVE-2024-28988 · Same product: SolarWinds Web Help Desk
CVE-2025-40536 · Same product: SolarWinds Web Help Desk
CVE-2025-40552 · Same product: SolarWinds Web Help Desk
CVE-2025-40554 · Same product: SolarWinds Web Help Desk
CVE-2025-40537 · Same product: SolarWinds Web Help Desk
CVE-2024-52606 · Same product class: network monitoring / SIEM
CVE-2025-40539 · Same product class: network monitoring / SIEM
CVE-2025-40540 · Same product class: network monitoring / SIEM