PT-2026-5073 · Solarwinds · Solarwinds Web Help Desk
Published 2026-01-28 · Updated 2026-03-26
CVE-2025-40551
CVSS v2.0: 10 (Critical) | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
SolarWinds Web Help Desk versions prior to 2026.1
Description
SolarWinds Web Help Desk is susceptible to a deserialization-of-untrusted-data vulnerability that allows remote code execution. The flaw can be exploited without authentication, enabling an attacker to run commands on the host machine. Tracked as CVE-2025-40551, it resides in the AjaxProxy component and stems from improper deserialization of untrusted data. Active exploitation has been observed, with attackers potentially using the flaw as an initial access point for multistage attacks, including data exfiltration and deployment of malicious tools. Approximately 25,000 instances are estimated to be exposed. CISA has added this vulnerability to its KEV catalog and has mandated that federal agencies patch it by February 6, 2026.
Recommendations
Update SolarWinds Web Help Desk to version 2026.1 or later.
Restrict network access to the affected application by configuring firewalls to allow connections only from trusted IP ranges.
Tags: Fix, RCE, Deserialization of Untrusted Data
Affected Products: Solarwinds Web Help Desk