CVE-2025-40551 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SolarWinds	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Affected Products (NVD)

Vendor	Product	Version
solarwinds	web_help_desk	𝑥 < 2026.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-502 - Deserialization of Untrusted Data
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Vulnerability Media Exposure

[ENGLISH] SolarWinds Web Help Desk Vulnerability Actively Exploited
CISA has added a critical CVE in SolarWinds Web Help Desk to its KEV Catalog
Published: 2026-02-04T10:15:00+00:00
[GERMAN] Jetzt patchen! Abermals Attacken auf SolarWinds Web Help Desk beobachtet
Sicherheitsforschern zufolge nutzen Angreifer derzeit kritische Schadcode-Lücken in SolarWinds Web Help Desk aus.
Published: 2026-02-10T08:17:00+00:00
[ENGLISH] Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. "Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. "Attackers are abusing
Published: 2026-02-13T14:04:00+05:30

References

https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm

https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40551

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40551