Unrated severityNVD Advisory· Published Jan 28, 2026· Updated Feb 27, 2026

SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability

CVE-2025-40553

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Affected products

Webhelpdesk/Web Help Deskllm-fuzzy
SolarWinds/Web Help Deskv5
Range: 12.8.8 HF1 and below

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htmmitrerelease-notes
www.solarwinds.com/trust-center/security-advisories/CVE-2025-40553mitre

News mentions

16th March – Threat Intelligence Report
Check Point Research · Mar 16, 2026
Buy A Help Desk, Bundle A Remote Access Solution? (SolarWinds Web Help Desk Pre-Auth RCE Chain(s))
watchTowr Labs · Feb 25, 2026

cvss	0.000
epss	0.014
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000