AI description
CVE-2025-40553 is an untrusted data deserialization vulnerability affecting SolarWinds Web Help Desk. This flaw could enable an attacker to achieve remote code execution, allowing them to run commands on the host machine. The vulnerability can be exploited without requiring authentication.
- Description: SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
- Source: psirt@solarwinds.com
- NVD status: Undergoing Analysis
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@solarwinds.com: CWE-502
- Hype score: Not currently trending
CVE-2025-40553: SolarWinds WHD—unauth RCE via Java gadget chains. CVSS 9.8, 90% unpatched. Four critical CVEs in one product. SolarWinds gave us supply chain compromise in 2020—now they're targeting your helpdesk. CWE-502, entirely predictable. Legacy? No, negligence.
@CisoRaging77913, 3 Feb 2026: 60 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
🚨 SolarWinds Fixes Critical Web Help Desk Bugs Enabling Auth Bypass and Remote Code Execution SolarWinds patched multiple WHD flaws (fixed in Web Help Desk 2026.1) including auth bypass (CVE-2025-40552, CVE-2025-40554) and unsafe deserialization RCE (CVE-2025-40553,
@ThreatSynop, 30 Jan 2026: 83 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
‼️ SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554 CVSS: All 9.8 CVEs Published: January 28th, 2026 CVE-2025-40551: SolarWinds Web Help Desk was found to be susceptible to an untrusted data
@DarkWebInformer, 29 Jan 2026: 2877 Impressions, 7 Retweets, 17 Likes, 12 Bookmarks, 2 Replies, 0 Quotes
#SolarWinds released Security Update to address a Deserialization of Untrusted Data Vulnerability in SolarWinds Web Help Desk. Apply Update! #CVE-2025-40553 https://t.co/BD5QfPEnmH
@NCIIPC, 29 Jan 2026: 15 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
On January 28, 2026, SolarWinds disclosed multiple vulnerabilities in their Web Help Desk product, including four critical CVEs (CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554) allowing unauthenticated remote code execution or authentic... https://t.co/wNVNK3Es3P
@securityRSS, 29 Jan 2026: 83 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-40553) URL: https://t.co/qNFRAFo1cC Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8
@samilaiho, 29 Jan 2026: 290 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
SolarWinds has just announced four high-severity vulnerabilities in its Web Help Desk (WHD). CVE-2025-40551 & CVE-2025-40553 (Unauthenticated RCE) CVE-2025-40552 & CVE-2025-40554 (Auth Bypass) https://t.co/pR8mqjT5NL https://t.co/j3F2jxa30N
@TheHackerWire, 28 Jan 2026: 84 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes
CVE-2025-40553 Unauthenticated Remote Code Execution in SolarWinds Web Help Desk via Deserialization https://t.co/bdOhnRC4Dc
@VulmonFeeds, 28 Jan 2026: 1 Impression, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
CVE-2025-40553 SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an… https://t.co/HSSIV4j5fQ
@CVEnew, 28 Jan 2026: 207 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes