SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code...

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Basic Information

ID CVE-2025-40553

Source SolarWinds

Published Jan 28, 2026 at 07:35

Affected Product

Vendor SolarWinds

Product Web Help Desk

Version 12.8.8 HF1 and below

Affected Versions SolarWinds Web Help Desk 12.8.8 HF1 and below

CWE Classification

CWE-502

References

{
    "lastseen": "",
    "description": "SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.",
    "published": "2026-01-28T07:35:41.825Z",
    "modified": "2026-01-28T07:35:41.825Z",
    "type": "cve",
    "title": "SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability",
    "source": "SolarWinds",
    "references": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40553\nhttps://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm",
    "id": "CVE-2025-40553",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "SolarWinds Web Help Desk 12.8.8 HF1 and below",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Web Help Desk",
    "version": "12.8.8 HF1 and below",
    "vendor": "SolarWinds",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability_CVE-2025-40553