Vulnerability Description
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SolarWinds | Web Help Desk | < 2026.1 |
Related Weaknesses (CWE)
References
- https://documentation.solarwinds.com/en/success_center/whd/content/release_notes (Release Notes)
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40553 (Vendor Advisory)
- https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40
FAQ
What is CVE-2025-40553?
CVE-2025-40553 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the h...
How severe is CVE-2025-40553?
CVE-2025-40553 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-40553?
Check the references section above for vendor advisories and patch information. Affected products include: SolarWinds Web Help Desk.