Urgent Security Alert: Critical RCE Vulnerability in SolarWinds Web Help Desk
A critical security vulnerability has been identified in SolarWinds Web Help Desk, demanding immediate attention from IT administrators and security teams. The flaw, if exploited, could allow unauthenticated attackers to achieve remote code execution (RCE), potentially leading to a complete system compromise.
This high-severity vulnerability is tracked as CVE-2024-28995 and carries a CVSS score of 9.8 out of 10, underscoring the extreme risk it poses to affected organizations. The vulnerability exists within the software’s integration of the Adobe Flex framework, specifically related to an insecure deserialization process.
Understanding the CVE-2024-28995 Flaw
The root of the issue lies in how SolarWinds Web Help Desk processes serialized data. Attackers can craft malicious Action Message Format (AMF) data and send it to the server. Due to improper validation, the server deserializes this data, allowing the attacker’s malicious code to be executed with the same privileges as the Web Help Desk service.
This is particularly concerning because it is a “patch-bypass” vulnerability. It circumvents a previous fix for a nearly identical flaw, CVE-2024-23476, which was addressed earlier this year. This indicates a persistent weakness in the component that requires a more robust solution, which has now been provided in the latest update.
The High-Stakes Risk of Remote Code Execution
An RCE vulnerability is one of the most dangerous types of security flaws. A successful exploit of CVE-2024-28995 could grant an attacker significant control over the compromised server. The potential consequences include:
- Complete System Takeover: Attackers could gain administrative-level access to the server running the Web Help Desk software.
- Data Theft: Sensitive information stored on or accessible from the server, including help desk tickets, user data, and internal network details, could be stolen.
- Lateral Movement: The compromised server could be used as a beachhead to launch further attacks across your internal network.
- Malware Deployment: Attackers could install ransomware, spyware, or other malicious software on the server.
Because this vulnerability can be exploited without authentication, any internet-facing Web Help Desk instance is at an especially high risk.
Immediate Action Required: How to Secure Your System
Given the critical nature of this vulnerability, immediate action is not just recommended—it is essential for protecting your organization’s assets and data.
1. Identify Your Version: The vulnerability specifically affects SolarWinds Web Help Desk version 12.8.1. If you are running this version, your system is exposed.
2. Patch Immediately: SolarWinds has released an update to address this flaw. You must upgrade your deployment to Web Help Desk version 12.8.2 as soon as possible. This new version contains the necessary security enhancements to prevent the insecure deserialization attack.
3. Review System Security: As a best practice, restrict access to your Web Help Desk portal. If it does not need to be publicly accessible, ensure it is firewalled from the public internet and only available on your internal network or via a secure VPN.
Proactive security management is crucial. Regularly updating software is one of the most effective defenses against emerging threats. Do not delay in applying this critical patch to safeguard your network from potential compromise.
Source: https://go.theregister.com/feed/www.theregister.com/2025/09/23/solarwinds_patches_rce/
