ET WEB_SPECIFIC_APPS SolarWinds Web Help Desk Unauthenticated Remote Code Execution via Java Deserialization (CVE-2025-40551)

SID: 2067189Rev: 17 views
Sourceet/open
CreatedJanuary 29, 2026
UpdatedJanuary 29, 2026
Classificationweb-application-attack
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS SolarWinds Web Help Desk Unauthenticated Remote Code Execution via Java Deserialization (CVE-2025-40551)"; flow:established,to_server; http.uri; content:"/helpdesk/WebObjects/Helpdesk.woa/wo/"; fast_pattern; pcre:"/^[\d\.]+/R"; http.request_body; content:"|22|java|2e|"; pcre:"/^[^\x22]*?(?:parentpopup|wonoselectionstring|dummy|mdssubmitlink|mdsform__enterkeypressed|mdsform__shiftkeypressed|mdsform__altkeypressed|_csrf)/R"; content:"|22|method|22 3a|"; content:"|22|wopage|2e|"; within:9; reference:url,horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/; reference:cve,2025-40551; classtype:web-application-attack; sid:2067189; rev:1; metadata:affected_product SolarWinds, attack_target Server, tls_state TLSDecrypt, created_at 2026_01_29, cve CVE_2025_40551, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, updated_at 2026_01_29, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

urlhorizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/
cve2025-40551

Metadata

affected productSolarWinds
attack targetServer
tls stateTLSDecrypt
created at2026_01_29
deploymentSSLDecrypt
confidenceHigh
signature severityMajor
tagExploit
updated at2026_01_29
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!