SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.

We recommend all Web Help Desk customers apply the patch, which is now available.

We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

History

Mon, 01 Sep 2025 21:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research. We recommend all Web Help Desk customers apply the patch, which is now available. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. |
| Title | | SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability |
| Weaknesses | | CWE-502 |
| References | | |
| Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: SolarWinds

Published:

Updated: 2025-09-01T21:18:58.626Z

Reserved: 2024-03-13T20:27:09.782Z

Link: CVE-2024-28988

Vulnrichment

No data.

NVD

Status: Received

Published: 2025-09-01T22:15:30.070

Modified: 2025-09-01T22:15:30.070

Link: CVE-2024-28988

Redhat

No data.

OpenCVE Enrichment

No data.