CVE-2025-40551
Published Jan 28, 2026
Last updated a month ago
- Description
- SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
- Source
- psirt@solarwinds.com
- NVD status
- Analyzed
- Products
- web_help_desk
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@solarwinds.com
- CWE-502
- Hype score
- Not currently trending
🛡️ Alerta de Seguridad: Vulnerabilidad de Deserialización de Datos No Confiables en SolarWinds Web Help Desk (CVE-2025-40551) SolarWinds Web Help Desk presenta una vulnerabilidad de deserialización de datos no confiables (CWE-502) que permite ejecución remota de código (
@CiberPlanetaOrg
16 Mar 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 30 CVEs for ecosystem (30 days). Top CVEs: CVE-2022-20775, CVE-2025-40551, CVE-2026-1731 VulnSocial — your risk exposure provider. #vulnsocial #CVE #CyberSecurity #VulnerabilityManagement https://t.co/S02Q7THYkX
@vulnsocial
6 Mar 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA is mandating a 3-day patch window for CVE-2025-40551 in SolarWinds Web Help Desk since active exploitation has been confirmed. Full IOCs, attack chain & playbook in our weekly Intel Brief → https://t.co/xsy5V1ByJm #Cybersecurity #ThreatIntel https://t.co/FTBkNEc1HP
@Osec__
5 Mar 2026
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
“SolarWinds Web Help Desk” platformasında boşluq (CVE-2025-40551) aşkar olunub. #ETX #MilliCERT #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/FCXDCAFABW
@CERTAzerbaijan
5 Mar 2026
110 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 30 CVEs for ecosystem (30 days). Top CVEs: CVE-2022-20775, CVE-2026-1281, CVE-2025-40551 VulnSocial — your risk exposure provider. #vulnsocial #CVE #CyberSecurity #VulnerabilityManagement https://t.co/S02Q7THYkX
@vulnsocial
5 Mar 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 10 CVEs for ecosystem (30 days). CVE-2010-5139 CVE-2004-0200 CVE-2008-0015 CVE-2024-43468 CVE-2025-40551 CVE-2018-17144 CVE-2025-11953 CVE-2026-2441 CVE-2026-1731 https://t.co/cWlQJaYf4S #CyberInsights #SecurityUpdate #CyberTrends #TechSecurity #CyberNews #DataProtection
@vulnsocial
2 Mar 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #CVE-2025-40551 Exploited In The Wild Just 48 Hours After Disclosure – Your #SolarWinds Helpdesk Is Already At Risk + Video https://t.co/9qK0M99ckl Educational Purposes!
@UndercodeUpdate
24 Feb 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Interesting case with CVE-2025-40551 (SolarWinds Helpdesk). We started seeing exploitation activity in our honeypots less than 2 days after disclosure. That early signal meant our customers had visibility into in-the-wild activity several days before broader confirmation later
@noktec
24 Feb 2026
118 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Vulnerability Breakdown: SolarWinds Web Help Desk (CVE-2025-40551) 🚨 A newly disclosed flaw in SolarWinds Web Help Desk enables unauthenticated remote code execution, and it’s not just another CVE, it’s part of a dangerous exploit chain that can lead attackers str
@RidgeSecurityAI
18 Feb 2026
52 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40551: SolarWinds, back with another CVSS 9.8 Java deserialization RCE. Static passwords too, because why not? Active exploits, domains fall. 2020 déjà vu. SolarWinds: leaving doors, windows open, and key under the mat—again. Patch or join the mugshot club.
@CisoRaging77913
12 Feb 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft and Huntress reported active exploitation of a serious vulnerability in SolarWinds’ Web Help Desk (WHD), CVE-2025-40551, which SolarWinds patched on January 28, 2026. https://t.co/bYA4LEH7Wa
@CognitiveAsia
11 Feb 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds Web Help Desk Flaws Actively Exploited to Deploy C2, Tunnels, and SSH Backdoors Attackers are exploiting SolarWinds Web Help Desk vulnerabilities (CVE-2025-40551, CVE-2026-26399) for initial access, then installing a maliciously configured Zoho ManageEngine Assist
@ThreatSynop
11 Feb 2026
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers are exploiting SolarWinds Web Help Desk (WHD) using a chain of vulnerabilities, including two zero-days (vulnerabilities CVE-2025-40551 and CVE-2025-40536). These flaws allow remote code execution and authentication bypass. If you use SolarWinds WHD, update to the
@cybernewslive
10 Feb 2026
83 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Active exploitation of SolarWinds Web Help Desk (CVE-2025-26399, CVE-2025-40551): actors deployed Zoho ManageEngine RMM and Velociraptor via MSIs staged on Catbox and Supabase; affected versions prior to 12.8.7 HF1. #solarwinds #velociraptor #zoho https://t.co/BlZ01sATAW
@hasamba
10 Feb 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
最近修正されたSolarWindsの脆弱性、ゼロデイとして悪用されていた可能性(CVE-2025-40551他) | Codebook|Security News https://t.co/vDNFSrYhMd
@ohhara_shiojiri
10 Feb 2026
69 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 SolarWinds Web Help Desk CVE-2025-40551 Active Exploitation Campaign [Critical] Feb 10, 2026 Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence #CyberSecurity #Innovation #LLM https://t.co/SHBQF9cRtr
@transilienceai
10 Feb 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security deep dive: Critical Analysis CVE-2025-40551 - SolarWinds Web Help Desk Deserialization.... Actionable advice for practitioners. Read more: https://t.co/x7WkSzjSt1
@TomarPrateek23
10 Feb 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️最近修正されたSolarWindsの脆弱性、ゼロデイとして悪用されていた可能性(CVE-2025-40551他) 〜サイバーアラート 2/10〜 https://t.co/RRhK8euNNp
@MachinaRecord
10 Feb 2026
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Solarwinds vulns are being actively exploited. Extensive info, incl. fix info, at SecAlerts: CVE-2025-40551 (CVSS 9.8) - https://t.co/naxlLilyde CVE-2025-26399 (CVSS 9.8) - https://t.co/oLzBFWDokL #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #solarwinds
@SecAlertsCo
10 Feb 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Descubre el CVE-2025-40551 y su impacto en SolarWinds. Más info aquí: https://t.co/rfpwB4b6zW #Ciberseguridad #SolarWinds
@AlejosAngel
9 Feb 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers. Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-40551 to its Known Exploited Vulnerabilities (KEV) catalog. https://t.co/xdoYXE6ETW https://t.co/H4xpac
@riskigy
9 Feb 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The most slept-on #CyberDeception feature is negative MTTD/MTTR for emerging threats. #SolarWinds unsafe deserialization, CVE-2025-40551: Disclosed 1/29/26 and added to #KEV 2/3/26. Divert has blocked anything that touched #SolarWind endpoints since last April in our PoC. https:/
@Divert_Security
9 Feb 2026
65 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Active SolarWinds Web Help Desk exploits (CVE-2025-40551+) lead to domain takeover. From RCE to DCSync in weeks. Thread on tactics + hunts. https://t.co/kG1YkaALc4 #ZeroDaysCVEs #Cybersecurity #Infosec ⚠️🔍
@CyberEdition
9 Feb 2026
56 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-26399 / CVE-2025-40551 / CVE-2025-40536 ⚠️ SolarWinds Web Help Desk – Actively Exploited RCE SolarWinds Web Help Desk (WHD) installations exposed to the internet are being actively exploited via unauthenticated remote code execution. Observed intrusions sho
@modat_magnify
9 Feb 2026
144 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds Web Help Desk RCE Exploited to Drop Zoho Assist, Velociraptor, and Cloudflared Tunnels Attackers are actively exploiting SolarWinds Web Help Desk deserialization flaws (notably CVE-2025-40551 / CVE-2025-26399, plus related CVE-2025-40536) to gain unauthenticated
@ThreatSynop
9 Feb 2026
74 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
#ITSecurity SolarWinds again and reminders: CVE-2025-40551Unauthenticated RCE via AjaxProxy deserialization, 9.8 Remote command execution CVE-2025-40536 Protection bypass via bogus “/ajax/” parameter, 8.1 Access to restricted WebObjects
@seaarepea
8 Feb 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【情シス必読】Officeファイルは「見るだけ」で感染します。 SolarWindsとOfficeの脆弱性(CVE-2025-40551、CVE-2026-21509)が悪用されAD乗っ取りの危機です。「マクロ無効化」では防げません。👇 https://t.co/CvTYL87kX6 #Mb_S
@sec_mb
8 Feb 2026
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-40551 - critical 🚨 SolarWinds Web Help Desk < 2026.1 - Unauthenticated JNDI Injection RCE > SolarWinds Web Help Desk before version 2026.1 contains an insecure deserialization v... 👾 https://t.co/3ZHUc8BJ2K @pdnuclei #NucleiTempl...
@pdnuclei_bot
8 Feb 2026
181 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Microsoft Defender 연구팀은 SolarWinds Web Help Desk(WHD)의 취약점을 악용한 실제 공격 사례를 발견 현재 추가 조사를 통해 악용된 실제 취약점( CVE-2025-40551 (신뢰할 수 없는 데이터 역직렬화), CVE-2025-40536 (보안 제어 우회),
@ngnicky
7 Feb 2026
124 Impressions
0 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
SolarWinds RCE flaw (CVE-2025-40551) is now on CISA’s KEV list, proof that attackers exploit low-complexity bugs in trusted platforms. Insight from Cobalt’s Joe Brinkley in @ComputerWeekly: https://t.co/7LbucAir11 #cybersecurity #pentesting #infosec
@cobalt_io
7 Feb 2026
183 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
An urgent warning regarding a critical remote code execution (RCE) vulnerability in SolarWinds Web Help Desk. The vulnerability, tracked as CVE-2025-40551, exploits unsafe deserialization of untrusted ... 🛜 Read More @ https://t.co/u3sXp1Z2Q2
@Roguevaultnews
7 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Analysis of active exploitation of SolarWinds Web Help Desk - https://t.co/InJP6reBJn #threatintel #solarwinds-web-help-desk #cve-2025-40551 #cve-2025-40536 #cve-2025-26399 #rce-exploitation
@RedPacketSec
7 Feb 2026
96 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Recent reporting by Microsoft Security Blog highlights active exploitation of SolarWinds Web Help Desk (WHD) through unpatched vulnerabilities, including newly disclosed CVE-2025-40551 and CVE-2025-40536. While the report does not explicitly attribute the attacks to
@ox0ffff
7 Feb 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Just published: Critical Analysis CVE-2025-40551 - SolarWinds Web Help Desk Deserialization.... Practical security guidance from the trenches. Read more: https://t.co/Q2v41DXx91
@TomarPrateek23
7 Feb 2026
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recent reporting by CISA KEV highlights a critical vulnerability in SolarWinds Web Help Desk, designated CVE-2025-40551, which exposes systems to remote code execution without authentication. This development occurs amid escalating global cyber conflict dynamics, where
@ox0ffff
6 Feb 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Patch latency is becoming a national security risk. IT support tools are now part of the attack surface. CISA added CVE-2025-40551 in SolarWinds Web Help Desk to the KEV list. Government agencies must remediate it by Feb 6, 2026. This pushes zero-day response pressure deep into
@MartinSzerment
6 Feb 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds Web Help Desk Critical RCE (CVE-2025-40551) Now Actively Exploited in the Wild Cybersecurity Dive reports active exploitation of CVE-2025-40551 (CVSS 9.8), an unauthenticated insecure-deserialization flaw in SolarWinds Web Help Desk that enables remote code
@ThreatSynop
6 Feb 2026
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds Web Help Desk Under Active Exploitation: Unauth RCE (CVE-2025-40551) Forces Rapid Patching UpGuard’s vulnerability overview details CVE-2025-40551 (CVSS 9.8) in SolarWinds Web Help Desk, an untrusted deserialization bug in the AjaxProxy component that enables
@ThreatSynop
6 Feb 2026
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENTE: CISA ordena el parcheo inmediato de SolarWinds Web Help Desk antes del 6 de febrero. La vulnerabilidad CVE-2025-40551 (RCE crítica 9.8) está siendo explotada activamente según Horizon3ai. ¡Actualiza a la versión 2026.1 ya! 💻🔥 #SolarWinds #CISA #CyberAtta
@ciberconciencia
5 Feb 2026
98 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISAがSolarWinds Web Help Deskの脆弱性のサイバー攻撃への悪用確認(CVE-2025-40551) https://t.co/TM3RJ8dWLB #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
@securityLab_jp
5 Feb 2026
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds Web Help Desk flaw CVE-2025-40551 is under active exploitation, with 170+ internet-exposed installs vulnerable to unauthenticated RCE; CISA adds bug to KEV and orders rapid patching. https://t.co/Xn14T4terd
@threatcluster
5 Feb 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40551 was added to CISA’s Known Exploited Vulnerabilities Catalog on Tuesday. Federal civilian agencies have to patch it until Friday. #CISA #cybersecurity https://t.co/okeAqRzsgI
@CyberNews
5 Feb 2026
330 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 170+ SolarWinds Web Help Desk Servers Exposed to Actively Exploited Unauth RCE (CVE-2025-40551) Over 170 internet-facing SolarWinds Web Help Desk instances are still vulnerable to an unauthenticated insecure-deserialization RCE (CVSS 9.8) in AjaxProxy, now confirmed exploite
@ThreatSynop
5 Feb 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#SolarWinds confirms active exploitation of Web Help Desk flaws. CVE-2025-40551 enables unauthenticated RCE via AjaxProxy deserialization and is listed in CISA KEV. Additional WHD RCE and auth bypass issues identified; exploitation unconfirmed. https://t.co/TMY3gpnRtJ
@MeridianEU
5 Feb 2026
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
For the last few days, we have been sharing SolarWinds Help Desk CVE-2025-40551 RCE vulnerable IPs (version check based) - ~170 seen. This vuln is now on @CISACyber KEV. Data in Vulnerable HTTP reports: https://t.co/qxv0Gv5ELc Dashboard Tree Map view: https://t.co/zzg4wFSQVr ht
@Shadowserver
5 Feb 2026
1998 Impressions
6 Retweets
17 Likes
2 Bookmarks
1 Reply
1 Quote
🚨 CVE-2025-40551 (CVSS 9.8): SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which
@zoomeye_team
5 Feb 2026
1164 Impressions
3 Retweets
14 Likes
7 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-40551 (CVSS 9.8): SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which
@zoomeye_team
5 Feb 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security deep dive: Critical Analysis CVE-2025-40551 - SolarWinds Web Help Desk Deserialization.... Actionable advice for practitioners. Read more: https://t.co/Cf7CJ2EURY #
@TomarPrateek23
5 Feb 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Vulnerability Alert: CVE-2025-40551 in SolarWinds Web Help Desk https://t.co/GvRNvawxs4
@StratoKey
4 Feb 2026
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Today's #Cybersecurity Pulse (Feb 4, 2026): CISA adds critical SolarWinds Web Help Desk RCE flaw (CVE-2025-40551) to KEV catalog — patch NOW! Interlock ransomware deploys new "Hotta Killer" to evade EDR via driver exploits. Italy thwarts Russia-linked attacks on embassies &
@ImperialTechSvc
4 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CADB33-214C-441A-BB62-64811EBBEB29",
"versionEndExcluding": "2026.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]