Critical RCE vulnerability in SolarWinds Web Help Desk (CVE-2025-40551) allows unauthenticated attackers to execute commands via deserialization.

| Product | Version Start | Version End (excl.) | Status |
|---|---|---|---|
| web_help_desk | * | 2026.1 | vulnerable |

Download and install the latest security updates provided by SolarWinds. The vendor has released version 2026.1 to specifically address this deserialization vulnerability and mitigate RCE risks.
Audit your environment for any instances of SolarWinds Web Help Desk running versions prior to 2026.1. Ensure all identified installations are upgraded to the patched version immediately.
Implement strict network-level access controls to the Web Help Desk interface. Use firewalls or VPNs to ensure the application is only accessible to authorized internal users and is not exposed to the public internet.
Review endpoint detection and response (EDR) logs for the Web Help Desk service spawning unexpected child processes like cmd.exe or /bin/sh, which are common indicators of successful RCE exploitation.
Monitor web server logs for suspicious POST requests containing serialized Java objects, often identified by the 'AC ED 00 05' hex header or large Base64-encoded strings. Use network security monitoring to flag unusual outbound connections from the Web Help Desk server. Additionally, look for unexpected file writes in application directories or the execution of system-level commands by the service account associated with the SolarWinds application.
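One way to implement the request-body check described above (an added example, not taken from the advisory or from SolarWinds). It goes slightly beyond the text by decoding each Base64 run, including URL-safe and percent-encoded forms, instead of matching a fixed prefix. It assumes request bodies are available as bytes from a proxy or WAF capture; the `(method, path, body)` record shape, the function names, the placeholder paths and the sample bytes are all constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import quote, unquote_to_bytes

JAVA_MAGIC = bytes.fromhex("ACED0005")  # the 'AC ED 00 05' header from the advisory
B64_RUN = re.compile(rb"[A-Za-z0-9+/_-]{8,}={0,2}")

def _decode_b64(run):
    """Decode standard or URL-safe Base64, tolerating stripped padding."""
    run = run.rstrip(b"=").replace(b"-", b"+").replace(b"_", b"/")
    try:
        return base64.b64decode(run + b"=" * (-len(run) % 4), validate=True)
    except (binascii.Error, ValueError):
        return b""

def serialized_java_encodings(body):
    """Return the set of encodings in which the Java stream header occurs."""
    found = set()
    if JAVA_MAGIC in body:
        found.add("raw")
    # Form fields may percent-encode '+', '/' and '=' inside a Base64 value.
    for run in B64_RUN.findall(unquote_to_bytes(body)):
        if _decode_b64(run).startswith(JAVA_MAGIC):
            found.add("base64")
    return found

def flag_requests(records):
    """Return [(path, encodings)] for POST records carrying a serialized object."""
    hits = []
    for method, path, body in records:
        found = serialized_java_encodings(body) if method.upper() == "POST" else set()
        if found:
            hits.append((path, found))
    return hits

# Constructed sample input: a stream header plus filler bytes, not a real object.
_BLOB = JAVA_MAGIC + b"\xfb\xff\xfe constructed filler"
_B64 = base64.b64encode(_BLOB).decode()
SAMPLE_RECORDS = [  # (method, path, body); paths are placeholders
    ("POST", "/placeholder/raw", b"\x00\x01" + _BLOB),
    ("POST", "/placeholder/json", b'{"state":"' + _B64.encode() + b'"}'),
    ("POST", "/placeholder/form", ("state=" + quote(_B64, safe="")).encode()),
    ("POST", "/placeholder/benign", b"subject=Printer+offline&priority=3"),
]

if __name__ == "__main__":
    for path, found in flag_requests(SAMPLE_RECORDS):
        print(path, sorted(found))
```

A hit here only means a serialized-object header reached the application; correlate it with the child-process and outbound-connection checks before treating it as exploitation.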