Over 170 instances of SolarWinds Web Help Desk installations have been identified as vulnerable to a significant remote code execution (RCE) flaw. This vulnerability, actively exploited in the wild, has been added to the Known Exploited Vulnerabilities (KEV) catalog by the Cybersecurity and Infrastructure Security Agency (CISA).
Understanding the SolarWinds Vulnerability
The identified vulnerability, known as CVE-2025-40551, has a critical CVSS score of 9.8. It allows attackers to run arbitrary commands on affected systems without authentication by exploiting insecure data deserialization. The flaw is present in SolarWinds Web Help Desk versions prior to 2026.1 and affects the AjaxProxy functionality.
According to reports from the Shadowserver Foundation, these vulnerable installations have been discovered through their Vulnerable HTTP reports, highlighting the risk as these systems are publicly accessible and require no authentication for exploitation.
Research and Discovery
Research conducted by Horizon3.ai unveiled this vulnerability along with other security issues such as static credentials and bypasses of security protections. The primary concern with CVE-2025-40551 is its potential to compromise entire systems without user interaction, giving attackers control over the system’s confidentiality, integrity, and availability.
SolarWinds has since released version 2026.1 to mitigate this and related vulnerabilities, including CVE-2025-40552, CVE-2025-40553, and CVE-2025-40554, all carrying critical CVSS scores of 9.8.
Active Exploitation and Mitigation
CISA’s addition of CVE-2025-40551 to its KEV catalog on February 3, 2026, highlights ongoing exploitation activities. Federal agencies are mandated to address this vulnerability by February 6, 2026, under Binding Operational Directive 22-01. This urgency underscores the elevated threat beyond just federal systems, as attackers target these vulnerabilities to exploit IT management platforms.
BitSight has assigned a Dynamic Vulnerability Exploit (DVE) score of 9.19 to this flaw, indicating severe technical risk and a high probability of exploitation. The company’s analysis points out the continued focus of attackers on IT management systems due to their critical access and operational roles.
Organizations using affected versions are advised to implement the updates provided by SolarWinds immediately to mitigate these risks. The active exploitation and widespread use of SolarWinds Web Help Desk make it imperative for users to secure their systems promptly.
Stay informed on the latest cybersecurity developments by following us on Google News, LinkedIn, and X.
