A critical vulnerability in SolarWinds Web Help Desk is facing exploitation activity, about a week after the security flaw was disclosed.
The vulnerability, tracked as CVE-2025-40551, involves deserialization of untrusted data and enables an attacker to achieve remote code execution. This would allow an attacker to execute commands on a host machine. The vulnerability has a severity score of 9.8.
The Cybersecurity and Infrastructure Security Agency on Tuesday added the flaw to its Known Exploited Vulnerabilities catalog.
Researchers at Shadowserver Foundation on Thursday reported about 170 vulnerable IPs.
The problem results from unsafe handling of attacker-controlled Java objects within Ajax Java functionality, according to researchers at Horizon3.ai.
The vulnerability is one of four critical flaws in the product. SolarWinds issued an advisory on Jan. 28, asking users to upgrade to a patched version.
The security risk is considered important to enterprise users because Web Help Desk is used for IT ticketing and asset management, according to a blog released by Rapid7. An attack could affect a company’s incident response and access control capabilities.