Critical SolarWinds Web Help Desk bug under attack
Briefly

"The vulnerability under attack, CVE-2025-40551, is an untrusted deserialization flaw that can lead to remote code execution, allowing a remote, unauthenticated attacker to execute OS commands on the affected system. SolarWinds fixed the security hole, along with five others, in Web Help Desk version 2026.1, released on January 28. Horizon3.ai and watchTowr researchers reported these six bugs to the software vendor, with Horizon3 warning that "these vulnerabilities are easily exploitable.""
"While we don't know who is attacking the latest Web Help Desk vulnerability, or what they are doing with the access to vulnerable machines, the abbreviated deadline for federal agencies to fix indicates a serious threat. Federal agencies are typically required to remediate known exploited vulnerabilities within 14 days of the bugs being added to the catalog. In urgent cases, however, CISA sets a shorter deadline, usually a week, but in the case of CVE-2025-40551, it's just three days."
"Plus, they pointed out, SolarWinds' Web Help Desk product has made two previous appearances, both times in 2024, in CISA's Known Exploited Vulnerabilities catalog, "indicating that it is a target for real-world attackers." These were CVE-2024-28987, a critical hardcoded-login-credential bug, and CVE-2024-28986, a deserialization RCE vulnerability that was patched three times before the fix worked and attackers weren't able to bypass it."
Attackers are actively exploiting a critical untrusted deserialization vulnerability, CVE-2025-40551, in SolarWinds Web Help Desk that enables unauthenticated remote code execution and operating-system command execution. SolarWinds released Web Help Desk 2026.1 on January 28 to fix this flaw plus five additional bugs reported by Horizon3.ai and watchTowr, with Horizon3 warning the vulnerabilities are easily exploitable. Rapid7 threat hunters warned exploitation is likely once technical details circulate. Web Help Desk previously appeared twice in CISA's Known Exploited Vulnerabilities catalog in 2024, showing prior targeting. CISA imposed an emergency three-day remediation deadline for federal agencies, indicating an elevated threat.
Read at Theregister