Critical SolarWinds Web Help Desk bug under attack

Summary

Attackers are actively exploiting a critical vulnerability in SolarWinds Web Help Desk (CVE-2025-40551), disclosed and patched less than a week ago. The flaw is an untrusted deserialization bug that can lead to remote code execution, allowing unauthenticated attackers to execute OS commands on affected systems. SolarWinds released a fix in Web Help Desk version 2026.1 (28 January 2026) after researchers from Horizon3.ai and watchTowr reported the issue. The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch within three days, signalling an urgent, active threat.

Key Points

  • CVE-2025-40551 is an untrusted deserialization vulnerability that enables remote code execution (RCE).
  • SolarWinds patched the issue in Web Help Desk 2026.1, released 28 January 2026.
  • Researchers (Horizon3.ai, watchTowr) warned the vulnerability is easily exploitable.
  • CISA set a three-day remediation deadline for US federal agencies — much shorter than the usual 14 days.
  • Web Help Desk has a history of previously exploited and repeatedly patched vulnerabilities, making it a recurring target.
  • SolarWinds says it has not observed widespread exploitation but recommends customers apply the patch promptly.

Author style

Punchy: This is urgent — the federal cyber agency shortened its deadline because attackers are active. If you manage infrastructure, don’t ignore this.

Why should I read this?

Short version: patch now. If you run SolarWinds Web Help Desk, your systems could be vulnerable to remote takeover. We’ve cut through the technical detail and pulled out what you need to know so you can check your estate and deploy the update quickly. If you’re responsible for IT security or incident response, this is one to act on immediately.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2026/02/04/critical_solarwinds_web_help_desk/