CVE-2025-40553

Published: Jan 28, 2026Modified: Feb 26, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: psirt@solarwinds.com (Secondary)

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Affected (1)

Products: Solarwinds: Web Help Desk

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Web Help Desk	Before 2026.1

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (3)

https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm

Source: psirt@solarwinds.com

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40553

Source: psirt@solarwinds.com

Vendor Advisory

https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553/blob/main/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553.py

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.