CVE-2025-40552 PUBLISHED

SolarWinds Web Help Desk Authentication Bypass Vulnerability

Assigner: SolarWinds
Reserved: 16.04.2025 Published: 28.01.2026 Updated: 02.02.2026

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	SolarWinds
Product	Web Help Desk
Versions	Default: affected Version 12.8.8 HF1 and below is affected

Solutions

SolarWinds recommends customers upgrade to Web Help Desk version 2026.1.

Credits

Piotr Bazydlo working with watchTowr reporter

References

Problem Types

CWE-1390 Weak Authentication CWE

Impacts

CAPEC-115 Authentication Bypass