CVE-2025-40554 PUBLISHED

SolarWinds Web Help Desk Authentication Bypass Vulnerability

Assigner: SolarWinds
Reserved: 16.04.2025 Published: 28.01.2026 Updated: 29.01.2026

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	SolarWinds
Product	Web Help Desk
Versions	Default: affected Version 12.8.8 HF1 and below is affected

Solutions

SolarWinds recommends users upgrade to Web Help Desk version 2026.1.

Credits

Piotr Bazydlo working with watchTowr reporter

References

https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40554
https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm

Problem Types

CWE-1390 Weak Authentication CWE

Impacts

CAPEC-115 Authentication Bypass