SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability 

(CVE-2025-40551)

Download PDF

Summary

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Affected Products

SolarWinds Web Help Desk 12.8.8 HF1 and all previous versions

Fixed Software Release

SolarWinds Web Help Desk 2026.1

Acknowledgments

Jimi Sebree working with Horizon3.ai

Advisory Details

Severity

9.8 Critical

Advisory ID

First Published

01/28/2026

Fixed Version

CVSS Score