CVE-2025-40553
CRITICAL
SolarWinds Web Help Desk < 2026.1 - Insecure Deserialization
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Exploits (1)
github
WORKING POC
4 stars
by watchtowrlabs · python · poc
https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553
References (3)
Core References
Exploit, Third Party Advisory
https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553/blob/main/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553.py
Release Notes
https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
Scores
CVSS v3: 9.8
EPSS: 0.1495
EPSS Percentile: 94.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-502
Status: published
Products (1)
solarwinds/web_help_desk < 2026.1
Published: Jan 28, 2026
Tracked Since: Feb 18, 2026