AI description
CVE-2025-40551 is a remote code execution (RCE) vulnerability identified in SolarWinds Web Help Desk (WHD) software. This flaw originates from an untrusted data deserialization weakness, which allows an attacker to execute commands on the host machine. Exploitation of CVE-2025-40551 can occur without requiring authentication. This vulnerability is often discussed alongside other related issues in SolarWinds WHD, forming potential attack chains.
- Description: SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
- Source: psirt@solarwinds.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- Weakness (psirt@solarwinds.com): CWE-502
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
22
SolarWinds has just announced four high-severity vulnerabilities in its Web Help Desk (WHD). CVE-2025-40551 & CVE-2025-40553 (Unauthenticated RCE) CVE-2025-40552 & CVE-2025-40554 (Auth Bypass) https://t.co/pR8mqjT5NL https://t.co/j3F2jxa30N
@TheHackerWire
28 Jan 2026
58 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🎯 New FREE honeypot stream! 🚨 Multiple SolarWinds Web Help Desk vulns (incl. critical CVE-2025-40551) enable unauthed RCE - POC is public. Track exploit activity in real time now https://t.co/0KmalJdGuV https://t.co/KREPCwxjvE
@DefusedCyber
28 Jan 2026
3507 Impressions
3 Retweets
17 Likes
5 Bookmarks
0 Replies
1 Quote
🚨🚨🚨 「This could be exploited without authentication.」 SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-40551) https://t.co/66fGQ8S7xv
@autumn_good_35
28 Jan 2026
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Today we are disclosing the details of CVE-2025-40551, an unauth deserialization vuln leading to remote code execution affecting SolarWinds WebHelpDesk. Find the technical details, indicators of compromise, and proof-of-concept exploit in the blog. https://t.co/s4Sf3AoNlc
@Horizon3Attack
28 Jan 2026
15301 Impressions
58 Retweets
198 Likes
87 Bookmarks
1 Reply
2 Quotes
🧵 Another SolarWinds Web Help Desk deserialization bug. Another patch bypass. We disclosed CVE-2025-40551 - an unauthenticated RCE in SolarWinds Web Help Desk. Here's what matters https://t.co/CilJmdBsYG
@Horizon3ai
28 Jan 2026
261 Impressions
4 Retweets
4 Likes
0 Bookmarks
1 Reply
2 Quotes