cbcvebase.
CVE-2025-40552
published 2026-01-28

Priority: P186 · Severity: critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 49.73% (98.8th percentile)
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.

Affected

2 ranges

Vendor       Product         Version range   Fixed in
solarwinds   web_help_desk   < 2026.1        2026.1
solarwinds   web_help_desk

Detection & IOCs (extracted from sources)

  • CVE-2025-40552 is an authentication bypass in SolarWinds Web Help Desk that allows unauthenticated actors to execute actions and methods protected by authentication; monitor for unauthenticated requests reaching authenticated endpoints in Web Help Desk.
  • CVE-2025-40552 was reported by watchTowr researcher Piotr Bazydlo; threat intelligence and PoC research from watchTowr should be monitored for exploitation details.
  • A public exploit exists for CVE-2025-40552; prioritize detection and patching for internet-exposed SolarWinds Web Help Desk instances.
  • CVE-2025-40552 affects SolarWinds Web Help Desk on both Linux and Windows platforms; ensure detection coverage spans both OS deployments.
  • CVE-2025-40552 is patched in Web Help Desk 2026.1, released January 28, 2026; unpatched instances remain exposed to unauthenticated authentication bypass.