A critical vulnerability in SolarWinds’ Web Help Desk service has been identified and added to the US Cybersecurity and Infrastructure Security Agency’s (Cisa’s) Known Exploited Vulnerabilities (Kev) catalogue as exploitation continues to spread.
CVE-2025-40551, along with five other common vulnerabilities and exposures (CVEs) disclosed by SolarWinds in a recent advisory, poses a serious threat to users. This vulnerability, stemming from Common Weakness Enumeration (CWE) 502 – deserialization of untrusted data, allows attackers to execute remote code on the target system if left unaddressed.
The other vulnerabilities listed in SolarWinds’ advisory include an authentication bypass, a second remote code execution (RCE) flaw also caused by deserialization, a second authentication bypass, a flaw that lets attackers bypass access controls, and one that may lead to privilege elevation. All six have been assigned high or critical Common Vulnerability Scoring System (CVSS) ratings.
SolarWinds has addressed all six issues in an update that brings Web Help Desk to version 2026.1.
Security researcher Jimi Sebree of Horizon3.ai, who discovered CVE-2025-40551 in early December, emphasized the importance of updating promptly due to the vulnerability’s easy exploitability, especially since it can be exploited without authentication.
Experts warn that vulnerabilities like these are often underestimated until they are actively exploited, emphasizing the need for proactive validation and patching. The speed at which vulnerabilities can be exploited highlights the importance of continuous controls monitoring to ensure resilience under real-world attack pressure.
Widely-used product
SolarWinds Web Help Desk is a popular helpdesk and IT service management platform used by organizations of various sizes. The platform offers ticketing, asset tracking, service level agreement (SLA) management, and workflow automation for IT support teams.
Given its widespread use, the addition of Web Help Desk to the Cisa catalogue indicates a potentially high level of exposure within the US federal government. Organizations are urged to complete their updates promptly to mitigate risks.
Chief Information Security Officer Dale Hoak of RegScale emphasized the importance of continuous controls monitoring in quickly addressing vulnerabilities and maintaining resilience against evolving threats.