← Volver a CVEs
CVE-2025-40551
CRITICALCISA KEV9.8
Descripcion
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/28/2026
Ultima modificacion2/4/2026
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorSolarWinds
ProductoWeb Help Desk
Nombre vulnerabilidadSolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Fecha inclusion KEV2026-02-03
Fecha limite remediacion2026-02-06
Uso en ransomwareUnknown
Productos afectados
solarwinds:web_help_desk
Debilidades (CWE)
CWE-502
Referencias
https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm(psirt@solarwinds.com)
https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40551(psirt@solarwinds.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40551(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.