Find notable cyber news and cases, enriched with sources, timelines, and signals.

SolarWinds Web Help Desk untrusted data deserialization RCE (CVE-2025-40553)

Vulnerability
First reported
Last updated
Happening score
H score 89
2 unique sources, 2 articles

Summary

Hide ▲

SolarWinds Web Help Desk CVE-2025-40553 is a critical remote code execution flaw that can let unauthenticated or unprivileged attackers run commands on vulnerable hosts. SolarWinds has released security updates and says upgrading to Web Help Desk 2026.1 addresses the issue. The bug stems from an untrusted data deserialization weakness, making exposed help desk servers a high-risk target.

Related Happenings

SolarWinds Serv-U advisory and mitigations for CVE-2026-28318

Advisory/Mitigation
H score52 First: 06.06.2026 11:14 Last: 06.06.2026 11:14 Sources 1

About this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...

CISA KEV order for SolarWinds Serv-U CVE-2026-28318

Public Sector Action
H score50 First: 06.06.2026 11:14 Last: 06.06.2026 11:14 Sources 1

About this happening: **CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...

SolarWinds Web Help Desk (WHD) multi-stage exploitation wave

Exploitation Wave
H score44 First: 09.02.2026 16:42 Last: 09.02.2026 16:42 Sources 1

About this happening: **SolarWinds Web Help Desk (WHD)** exploitation is a **multi-stage intrusion wave** affecting **internet-exposed WHD instances**. The foothold remains unconfirmed, but the wave is...

Latest development: 10.03.2026 08:17

CISA added CVE-2025-26399 in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation, said Microsoft and Huntress had reported threat actors using SolarWinds Web Help Desk flaws to obtain initial access, attributed the activity to the Warlock ransomware crew, and ordered Federal Civilian Executive Branch (FCEB) agencies to apply the fix by March 12, 2026.

BeyondTrust Remote Support and Privileged Remote Access pre-auth OS command injection (CVE-2026-1731)

Vulnerability
H score75 First: 09.02.2026 10:03 Last: 09.02.2026 10:03 Sources 1

About this happening: **CVE-2026-1731** is a **critical pre-authentication OS command injection** in **BeyondTrust Remote Support** and **Privileged Remote Access** that can let an **unauthenticated at...

Latest development: 09.02.2026 15:07

BeyondTrust secured all RS/PRA cloud systems by February 2, 2026 and directed on-premises customers to manually upgrade to Remote Support 25.3.2 or later and Privileged Remote Access 25.1.1 or later if automatic updates were not enabled.

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
H score53 First: 04.02.2026 07:50 Last: 04.02.2026 07:50 Sources 1

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

Timeline

  1. 28.01.2026 16:39 3 articles · 5mo ago

    SolarWinds patches Web Help Desk CVE-2025-40553

    Mitigation Patch Update

    SolarWinds released security updates for Web Help Desk to address CVE-2025-40553, a critical remote code execution flaw reported by watchTowr's Piotr Bazydlo that stems from an untrusted data deserialization weakness and can let attackers without privileges run commands on vulnerable hosts. SolarWinds says upgrading vulnerable servers to Web Help Desk 2026.1 addresses the issue.

    Show sources