Cyber Posture

CVE-2025-40553

Severity: Critical

Published: 28 January 2026
Modified: 26 February 2026
KEV Added:
Patch: SolarWinds Web Help Desk 2026.1
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1495 (94.6th percentile)
Risk Priority: 29 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Mitigating Controls (NIST 800-53 r5)

prevent (flaw remediation): Apply the vendor fix. The untrusted deserialization flaw is addressed in SolarWinds Web Help Desk 2026.1, so every instance should be upgraded to that release or later.

prevent (input validation): Validate untrusted input before it reaches a deserializer, in practice by restricting deserialization to an allow list of expected types, which removes the CWE-502 path to RCE.

prevent (boundary protection): Restrict network access to the Web Help Desk service so that only trusted networks can reach it. Because the flaw needs no authentication, any host that can reach the service can attempt exploitation; limiting reachability reduces exposure but does not remove the vulnerability.
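The following is an added example, not SolarWinds code: the page does not identify the vulnerable class or endpoint, so this shows the generic CWE-502 pattern in a Java web application (Web Help Desk is Java-based) beside the "validate before deserializing" control. The vulnerable handler calls ObjectInputStream.readObject() on attacker-supplied bytes with no filter; the hardened one installs a JEP 290 ObjectInputFilter that allows only the single expected type and rejects everything else. The TicketRequest class and the HashMap stand-in payload are constructed for illustration; a real exploit ships a gadget chain, not a HashMap.

```java
import java.io.*;

// Added example (not SolarWinds code). TicketRequest and the payloads are
// constructed for illustration; the real vulnerable endpoint is not named
// on this page.
public class DeserializationHardening {

    // The one type the hypothetical endpoint legitimately expects.
    public static final class TicketRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String subject;
        public TicketRequest(String subject) { this.subject = subject; }
    }

    // VULNERABLE: readObject() on untrusted bytes with no filter. Any
    // Serializable class on the classpath may be instantiated, which is how
    // gadget chains turn deserialization into code execution (CWE-502).
    public static Object unsafeRead(byte[] untrusted)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in =
                     new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return in.readObject();
        }
    }

    // HARDENED: a JEP 290 filter (java.io.ObjectInputFilter, Java 9+) that is
    // consulted before any class in the stream is resolved. Allow the expected
    // type (and String for its field), cap nesting depth and array sizes, and
    // reject everything else with "!*". Rejection surfaces as
    // InvalidClassException before any constructor or readObject hook runs.
    static final ObjectInputFilter ALLOW_LIST = ObjectInputFilter.Config.createFilter(
            "maxdepth=3;maxarray=1000;"
            + TicketRequest.class.getName() + ";java.lang.String;!*");

    public static TicketRequest safeRead(byte[] untrusted)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in =
                     new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            in.setObjectInputFilter(ALLOW_LIST);
            Object o = in.readObject();
            if (!(o instanceof TicketRequest)) {
                throw new InvalidClassException("unexpected type " + o.getClass().getName());
            }
            return (TicketRequest) o;
        }
    }

    // Helper used only to build sample streams for the demonstration.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] legit = serialize(new TicketRequest("printer down"));
        // Constructed stand-in for an attacker payload: a serialized type the
        // endpoint never expects. A real exploit would carry a gadget chain.
        byte[] hostile = serialize(new java.util.HashMap<String, String>());

        System.out.println("unsafe accepts hostile: " + unsafeRead(hostile).getClass().getName());
        System.out.println("safe accepts legit:     " + safeRead(legit).subject);
        try {
            safeRead(hostile);
            System.out.println("safe accepted hostile (filter not applied?)");
        } catch (InvalidClassException e) {
            System.out.println("safe rejects hostile:   " + e.getMessage());
        }
    }
}
```

Run with `java DeserializationHardening.java` (Java 11+ single-file launch). The filter is the control the NIST input-validation entry describes: the check happens on the class name before an instance exists, so a gadget class is refused rather than constructed. For a deployed application the same filter can be applied process-wide with `-Djdk.serialFilter=...` without code changes, which is often the quickest compensating control while a vendor patch is scheduled.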

Security Summary

CVE-2025-40553 is an untrusted data deserialization vulnerability (CWE-502) in SolarWinds Web Help Desk that enables remote code execution. Published on 2026-01-28, it allows attackers to run arbitrary commands on the host machine and carries a critical CVSS score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

The vulnerability can be exploited remotely over the network with low complexity and without authentication or user interaction by any attacker who can reach the affected Web Help Desk instance. Successful exploitation provides high-impact remote code execution on the server, potentially compromising confidentiality, integrity, and availability of the host system.

SolarWinds addresses the issue in its security advisory at https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40553 and Web Help Desk 2026.1 release notes at https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm. A proof-of-concept exploit script for this CVE and CVE-2025-40552 is publicly available on GitHub at https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553/blob/main/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553.py.

Details

CWE(s)

CWE-502: Deserialization of Untrusted Data

Affected Products

SolarWinds Web Help Desk, versions prior to 2026.1 (fixed in 2026.1)

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Untrusted data deserialization in SolarWinds Web Help Desk enables unauthenticated remote code execution over the network in a public-facing web application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References