SolarWinds Help Desk Flaw Under Active Attack
▼ Summary
– A critical vulnerability (CVE-2025-40551) in SolarWinds Web Help Desk is being actively exploited, prompting a US security agency warning.
– The flaw is a deserialization issue allowing unauthenticated attackers to execute remote code and gain admin access, with a CVSS score of 9.8.
– It is one of four critical vulnerabilities patched by SolarWinds, all with a CVSS score of 9.8, though only one is confirmed as actively exploited.
– Attackers could chain these vulnerabilities to gain complete system control for activities like data theft and ransomware.
– Federal agencies have a three-day patching deadline, and all organizations are urged to update to Web Help Desk 2026.1 immediately.
A critical vulnerability in SolarWinds Web Help Desk software is now under active attack, prompting urgent patching directives from US cybersecurity authorities. The flaw, tracked as CVE-2025-40551, allows unauthenticated attackers to execute remote code and gain administrative control over affected systems. The US Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies apply the available patch by this Friday, signaling the immediate danger posed by ongoing exploitation.
This vulnerability carries a maximum severity rating of 9.8 on the CVSS scale. Experts describe it as a deserialization flaw, where processing malicious, untrusted data enables an attacker to run arbitrary commands on the underlying server. The software is widely deployed across government entities and private sector organizations, particularly within education and healthcare, making it a high-value target for threat actors.
The actively exploited bug is one of four critical vulnerabilities recently patched by SolarWinds. Security researchers from Horizon3.ai and watchTowr discovered these flaws, which were all addressed in an update released on January 28. While CVE-2025-40551 is confirmed to be under attack, the other three vulnerabilities are equally severe, each also scoring 9.8.
The remaining critical flaws include two authentication bypass issues, CVE-2025-40552 and CVE-2025-40554, and another remote code execution vulnerability, CVE-2025-40553. Attackers could potentially chain these vulnerabilities together. For instance, they might use an authentication bypass to gain a foothold and then leverage an RCE flaw to take complete control of the system. This could lead to devastating outcomes like lateral movement across networks, sensitive data theft, or ransomware deployment.
Although CISA’s binding order applies specifically to federal agencies, the guidance is universal. All organizations using SolarWinds Web Help Desk must treat this with the highest priority. The recommended action is to immediately update all instances to version Web Help Desk 2026.1 by following the vendor’s official patching instructions. Delaying this update significantly increases the risk of a major security incident.
(Source: InfoSecurity Magazine)
