SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-40553)

Summary

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Affected Products

SolarWinds Web Help Desk 12.8.8 HF1 and all previous versions

Fixed Software Release

SolarWinds Web Help Desk 2026.1

Acknowledgments

Piotr Bazydlo working with watchTowr

Advisory Detail
Severity
Critical
Advisory ID

CVE-2025-40553

First Published
01/28/2026
Fixed Version

SolarWinds Web Help Desk 12.8.8 HF2

CVSS Score

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Download PDF
Send an Email