Detections
Analytics
CVE-2025-40551
critical
Description
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
References
https://www.securityweek.com/cisa-warns-of-exploited-solarwinds-notepad-microsoft-vulnerabilities/
https://www.theregister.com/2026/02/09/solarwinds_mystery_whd_attack/
https://www.securityweek.com/recent-solarwinds-flaws-potentially-exploited-as-zero-days/
https://thehackernews.com/2026/02/solarwinds-web-help-desk-exploited-for.html
https://www.securityweek.com/fresh-solarwinds-vulnerability-exploited-in-attacks/
https://www.infosecurity-magazine.com/news/solarwinds-web-help-desk/
https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html
https://thehackernews.com/2026/02/researchers-observe-in-wild.html
https://www.theregister.com/2026/02/04/critical_solarwinds_web_help_desk/
https://www.securityweek.com/solarwinds-patches-critical-web-help-desk-vulnerabilities/
https://www.helpnetsecurity.com/2026/01/29/solarwinds-web-help-desk-rce-vulnerabilities/
https://thehackernews.com/2026/01/solarwinds-fixes-four-critical-web-help.html
Details
Published: 2026-01-28
Updated: 2026-02-03
Known Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
CVSS v3
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS
EPSS: 0.79316
Vulnerability Watch
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Interest