What is CVE-2025-40551?

CVE-2025-40551 is a critical untrusted data deserialization vulnerability in SolarWinds Web Help Desk with a CVSS score of 9.8. It allows unauthenticated attackers to achieve remote code execution (RCE) by sending malicious Java objects to the AjaxProxy functionality.

Is the SolarWinds Web Help Desk vulnerability being exploited?

Yes, CISA has confirmed active exploitation of CVE-2025-40551 and added it to the Known Exploited Vulnerabilities (KEV) catalog on February 3, 2026.

Which versions of SolarWinds Web Help Desk are affected?

All versions of SolarWinds Web Help Desk prior to version 2026.1 are affected by these vulnerabilities.

How can organizations mitigate this threat?

Organizations must update to SolarWinds Web Help Desk version 2026.1 immediately. Federal agencies are required by CISA to apply this patch by February 6, 2026.

What other vulnerabilities were fixed in the WHD 2026.1 update?

The update also addresses CVE-2025-40553 (RCE), CVE-2025-40537 (hardcoded credentials), CVE-2025-40536 (security bypass), and two authentication bypass flaws (CVE-2025-40552 and CVE-2025-40554).

Attack

CISA Mandates Immediate Patching for Actively Exploited SolarWinds Web Help Desk RCE Flaw

published: Feb. 4, 2026

Take action: If you are using Web Help Desk, this is urgent and important. Your Solar Web Help Desk is under attack. If your process allows for it, isolate Web Help Desk from the internet, then plan a quick update. If you can't isolate from the internet, patch now!

Learn More

CISA warns that at least one of the recently reported critical flaws in SolarWinds is actively exploited.

The exploited vulnerability is CVE-2025-40551 (CVSS score 9.8), an untrusted data deserialization flaw discovered. This flaw represents a persistent challenge for the product, as it bypasses previous security fixes for similar deserialization issues like CVE-2024-28986. Additional vulnerabilities addressed in the same update include:

CVE-2025-40553 (CVSS score 9.8) - A critical deserialization flaw allowing unauthenticated RCE.
CVE-2025-40537 (CVSS score 8.1) - A hardcoded credentials vulnerability in the default demo account.
CVE-2025-40536 (CVSS score 8.1) - A security control bypass allowing access to restricted functions.
CVE-2025-40552 (CVSS score 7.5) - An authentication bypass flaw.
CVE-2025-40554 (CVSS score 7.5) - A second authentication bypass flaw.

The flaws affect versions of SolarWinds Web Help Desk prior to version 2026.1.

In response to active exploitation, CISA issued a mandate under Binding Operational Directive (BOD) 22-01, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the security updates by February 6, 2026.

SolarWinds has not publicly confirmed the use of external incident response firms but continues to monitor its customer base of over 300,000 organizations for further signs of abuse.

CISA Mandates Immediate Patching for Actively Exploited SolarWinds Web Help Desk RCE Flaw

Read More
Hackers exploit ThinkPHP framework vulnerabilities in active attacks
Gogs Zero-Day vulnerability actively exploited
Active GithHub Phishing campaign impersonating GitHub Recruitment
Citrix Netscaler CVE-2023-4966 actively exploited
Very advanced phishing campaign targets LastPass users