CVE-2025-40551

CRITICAL KEV NUCLEI

SolarWinds Web Help Desk < 2026.1 - Unauthenticated Remote Code Execution via Untrusted Data Deserialization

Title source: llm

Exploitation Summary

CVE-2025-40551 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 3, 2026. EIP tracks 1 public exploit, a Metasploit module (exploits/multi/http/solarwinds_webhelpdesk_rce) from researchers including Jimi Sebree and sfewer-r7. A Nuclei detection template is also available.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2025-40536 (access control bypass) and CVE-2025-40551 (unsafe deserialization) to achieve unauthenticated RCE on SolarWinds Web Help Desk (WHD) versions 12.7.* and 12.8.* on Windows and Linux. It uses JNDI injection and sets up an SMB server for payload delivery.

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Exploits (1)

metasploit WORKING POC GREAT
by Jimi Sebree, sfewer-r7 · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/solarwinds_webhelpdesk_rce.rb

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: SolarWinds Web Help Desk (WHD) 12.7.*, 12.8.*
No auth needed
Prerequisites: Network access to the target server · SolarWinds WHD version 12.7.* or 12.8.*
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

SolarWinds Web Help Desk < 2026.1 - Unauthenticated JNDI Injection RCE
CRITICAL · VERIFIED · by Horizon3.ai
Shodan: http.favicon.hash:1895809524

Scores

CVSS v3 9.8
EPSS 0.8712
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2026-02-03
VulnCheck KEV 2026-02-03
ENISA EUVD EUVD-2025-206426
CWE CWE-502
Status published
Products (1)
solarwinds/web_help_desk < 2026.1
Published Jan 28, 2026
KEV Added Feb 03, 2026
Tracked Since Feb 18, 2026