Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in SolarWinds Web Help Desk versions 12.8.3 HF2 and prior. This issue arises from Java deserialization, allowing attackers to execute commands on the host machine. The vulnerability was discovered by the Zero Day Initiative (ZDI) team, who found that it could be exploited without authentication.

Impact

Exploitation of this vulnerability allows for remote code execution on the host machine.

Remediation

Users are advised to upgrade to SolarWinds Web Help Desk version 12.8.3 HF3, which includes the necessary patch.
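
An added example, not part of the original advisory or any SolarWinds tooling: a check that sorts an inventory of Web Help Desk version strings into hosts still below 12.8.3 HF3 and hosts at or above it. The version string format (MAJOR.MINOR.PATCH with an optional HFn suffix, as written in this advisory), the host names and the sample versions are assumptions constructed for illustration.

```python
import re

# Fixed release named in the advisory above.
FIXED = "12.8.3 HF3"

# Assumed format, taken from how the advisory writes versions: "12.8.3 HF2".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)(?:[\s._-]*HF\s*(\d+))?\s*$", re.IGNORECASE
)


def parse_version(text):
    """Return (major, minor, patch, hotfix); no hotfix suffix counts as hotfix 0."""
    m = _VERSION_RE.match(text)
    if m is None:
        raise ValueError(f"unrecognized version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_affected(text):
    """True when the version sorts before the fixed release (numeric, not string, order)."""
    return parse_version(text) < parse_version(FIXED)


def triage(inventory):
    """Map each host to 'upgrade', 'ok', or 'unknown' (unparseable, check by hand)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "upgrade" if is_affected(version) else "ok"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory; host names and versions are hypothetical.
SAMPLE = {
    "whd-01": "12.8.3 HF2",     # last affected release per the advisory
    "whd-02": "12.8.3 HF3",     # fixed release
    "whd-03": "12.8.3",         # base release without hotfix sorts before HF3
    "whd-04": "12.8.10",        # constructed: a string compare would misorder this
    "whd-05": "unknown build",  # unparseable entries are flagged, not assumed safe
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]!r} -> {status}")
```

Hosts reported as unknown need manual verification rather than being treated as patched.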

Added: Sep 1, 2025, 10:24 PM
Updated: Sep 1, 2025, 10:24 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 10.0
exploitability: 9.1
remediation: 7.7
relevance: 0.5
threat: 8.1
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.