CVE-2025-40551

Severity: CRITICAL, CVSS 3.1 base score 9.8
2026-01-28 [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 21:54 (vuln.today)
Added to CISA KEV: Feb 04, 2026 - 02:00 (cisa)
CVE Published: Jan 28, 2026 - 08:16 (nvd)

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Analysis

SolarWinds Web Help Desk contains an unauthenticated Java deserialization vulnerability (CVE-2025-40551, CVSS 9.8) that enables remote code execution. With EPSS 80.6% and KEV listing, this is the more severe of two concurrent WHD vulnerabilities, allowing attackers to execute arbitrary commands on the host server without any credentials.

Technical Context

The application accepts serialized Java objects from unauthenticated HTTP requests. An attacker can construct a malicious serialized object using common Java deserialization gadget chains (such as those from Apache Commons Collections, Spring Framework, or other libraries bundled with WHD) that execute arbitrary OS commands when deserialized. The attack is straightforward with tools like ysoserial and requires no authentication or prior knowledge of the target beyond its URL.

Affected Products

SolarWinds Web Help Desk (versions prior to security update)

Remediation

Apply SolarWinds security update immediately — this is highest priority. Take WHD offline if patching is delayed. Block external access to WHD. Monitor for Java deserialization attack indicators (unusual POST payloads, ysoserial signatures). Conduct incident response investigation to determine if exploitation has already occurred.
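One concrete form of the "monitor for unusual POST payloads" item above, added here as an illustration and not taken from SolarWinds, vuln.today or any WHD code: it flags HTTP request bodies that carry the Java serialization stream header (STREAM_MAGIC 0xACED, STREAM_VERSION 0x0005) whether sent raw, base64-, hex- or URL-encoded. The sample requests, paths and body contents are constructed placeholders, not real WHD endpoints or traffic.

```python
import base64

# Header of every Java serialization stream: STREAM_MAGIC 0xACED, STREAM_VERSION 0x0005.
JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"
# Base64 of those four bytes always begins with "rO0AB", whatever follows them.
BASE64_MAGIC_PREFIX = "rO0AB"
# Hex and URL-encoded spellings of the same header.
HEX_MAGIC = "aced0005"
URLENC_MAGIC = "%ac%ed%00%05"


def find_java_serialization(body: bytes) -> list[str]:
    """Return the encodings (raw/base64/hex/urlencoded) under which a Java
    serialization header appears in an HTTP request body, or [] if none."""
    hits = []
    if JAVA_STREAM_MAGIC in body:
        hits.append("raw")
    text = body.decode("latin-1")  # byte-preserving decode for substring checks
    if BASE64_MAGIC_PREFIX in text:
        hits.append("base64")
    if HEX_MAGIC in text.lower():
        hits.append("hex")
    if URLENC_MAGIC in text.lower():
        hits.append("urlencoded")
    return hits


def triage_requests(records):
    """records: iterable of (request_id, method, path, body). Returns the
    requests whose body carries a serialized Java object, with encodings found."""
    return [(rid, method, path, hits)
            for rid, method, path, body in records
            if (hits := find_java_serialization(body))]


# Constructed sample traffic (paths are made up, not WHD endpoints). The
# serialized bodies hold only a stream header and a java.util.HashMap class
# descriptor, i.e. a harmless object, which is enough to trigger the check.
SAMPLE_REQUESTS = [
    ("req-1", "POST", "/helpdesk/login", b"username=alice&password=REDACTED"),
    ("req-2", "POST", "/helpdesk/api", JAVA_STREAM_MAGIC + b"sr\x00\x11java.util.HashMap"),
    ("req-3", "POST", "/helpdesk/api",
     base64.b64encode(JAVA_STREAM_MAGIC + b"sr\x00\x11java.util.HashMap")),
    ("req-4", "GET", "/helpdesk/status", b""),
]

if __name__ == "__main__":
    for rid, method, path, hits in triage_requests(SAMPLE_REQUESTS):
        print(f"ALERT {rid} {method} {path}: Java serialization header ({', '.join(hits)})")
```

Any hit on an unauthenticated WHD endpoint warrants the incident-response step above, since a legitimate client has no reason to send serialized Java objects there.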

Priority Score

180
KEV: +50
EPSS: +80.6
CVSS: +49
POC: 0


CVE-2025-40551 vulnerability details – vuln.today
