CVE-2025-40552
Published: 2026-01-28
Priority: P1 (86) · critical · 9.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 49.73% (98.8th percentile)
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarwinds | web_help_desk | < 2026.1 | 2026.1 |
| solarwinds | web_help_desk | — | — |
Detection & IOCs (extracted from sources)
- CVE-2025-40552 is an authentication bypass in SolarWinds Web Help Desk that allows unauthenticated actors to execute actions and methods protected by authentication; monitor for unauthenticated requests reaching authenticated endpoints in Web Help Desk.
- CVE-2025-40552 was reported by watchTowr researcher Piotr Bazydlo; threat intelligence and PoC research from watchTowr should be monitored for exploitation details.
- A public exploit exists for CVE-2025-40552; prioritize detection and patching for internet-exposed SolarWinds Web Help Desk instances.
- CVE-2025-40552 affects SolarWinds Web Help Desk on both Linux and Windows platforms; ensure detection coverage spans both OS deployments.
- CVE-2025-40552 is patched in Web Help Desk 2026.1 released January 28, 2026; unpatched instances remain exposed to unauthenticated authentication bypass.
No detection rules found.
Nuclei
SolarWinds Web Help Desk - Authentication Bypass
nuclei·CVSS 9.8
CVE-2025-40552 [CRITICAL] SolarWinds Web Help Desk - Authentication Bypass
SolarWinds Web Help Desk contains an authentication bypass vulnerability caused by improper access control, letting attackers execute protected actions without authentication. Exploitation requires no special conditions.
Template:
```yaml
id: CVE-2025-40552

info:
  name: SolarWinds Web Help Desk - Authentication Bypass
  author: watchTowr,DhiyaneshDk
  severity: critical
  description: |
    SolarWinds Web Help Desk contains an authentication bypass vulnerability caused by improper access control, letting attackers execute protected actions without authentication, exploit requires no special conditions.
  impact: |
    Attackers can execute protected actions without authentication, potentially compromising system integrity and data security.
  remediation: Update to the
```
Checkpoint
2nd March – Threat Intelligence Report
blogs_checkpoint·2026-03-02
CVE-2025-59536 2nd March – Threat Intelligence Report
## 2nd March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 2nd March, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Wynn Resorts, a United States-based casino and hotel operator, has confirmed that employee data was accessed following an extortion threat linked to ShinyHunters. The company said operations were not disrupted. Reports indicate the stolen dataset includes HR-related information, including contact details and employment records f
Bleepingcomputer
CISA flags critical SolarWinds RCE flaw as exploited in attacks
blogs_bleepingcomputer·2026-02-03·CVSS 7.5
CVE-2025-40551 [HIGH] CISA flags critical SolarWinds RCE flaw as exploited in attacks
## CISA flags critical SolarWinds RCE flaw as exploited in attacks
## Sergiu Gatlan
CISA has flagged a critical SolarWinds Web Help Desk vulnerability as actively exploited in attacks and ordered federal agencies to patch their systems within three days.
Tracked as CVE-2025-40551, this security flaw stems from an untrusted data deserialization weakness discovered and reported by Horizon3.ai security researcher Jimi Sebree, which can allow unauthenticated attackers to gain remote command execution on unpatched devices.
"SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution which would allow an attacker to run commands on the host machine," the company explained on January 28 when it released Web
Bleepingcomputer
SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
blogs_bleepingcomputer·2026-01-28·CVSS 9.8
CVE-2025-40552 [CRITICAL] SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
## SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
## Sergiu Gatlan
SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software.
The authentication bypass security flaws (tracked as CVE-2025-40552 and CVE-2025-40554) patched today by SolarWinds were reported by watchTowr's Piotr Bazydlo and can be exploited by remote unauthenticated threat actors in low-complexity attacks.
Bazydlo also found and reported a critical remote code execution (RCE) flaw (CVE-2025-40553) stemming from an untrusted data deserialization weakness that can enable attackers without privileges to run commands on vulnerable hosts.
A second RCE vulnerability (CVE-2025-40551) reported by
Wiz
CVE-2025-40553 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-40553 [HIGH] CVE-2025-40553 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40553: SolarWinds Web Help Desk vulnerability analysis and mitigation
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Source: NVD
| Field | Value |
|---|---|
| Score | 9.8 |
| Published | January 28, 2026 |
| Severity | CRITICAL |
| CNA Score | 9.8 |
| High-profile Vulnerability | Yes |
| Affected Technologies | SolarWinds Web Help Desk |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 94.4 |
| Exploitation Probability (EPSS) | 14.5 |
| Affected packages and libraries | cpe:2.3:a:solarwinds:web_help_desk |
Sources
Linux Severity
Wiz
CVE-2025-40536 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
CVE-2025-40536 [HIGH] CVE-2025-40536 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40536: SolarWinds Web Help Desk vulnerability analysis and mitigation
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that, if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
Source: NVD
| Field | Value |
|---|---|
| Score | 9.8 |
| Published | January 28, 2026 |
| Severity | CRITICAL |
| CNA Score | 8.1 |
| High-profile Vulnerability | Yes |
| Affected Technologies | SolarWinds Web Help Desk |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | Yes |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 98.6 |
| Exploitation Probability (EPSS) | 68.3 |
| Affected packages and libraries | cpe:2.3:a:solarwinds:web_help_desk |
Sources
Linux Severity CRITICAL Has Fix Added at: Jan 29, 2026
Windows Seve
Wiz
CVE-2025-40537 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-40537 [HIGH] CVE-2025-40537 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40537: SolarWinds Web Help Desk vulnerability analysis and mitigation
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.
Source: NVD
| Field | Value |
|---|---|
| Score | 7.5 |
| Published | January 28, 2026 |
| Severity | HIGH |
| CNA Score | 7.5 |
| High-profile Vulnerability | Yes |
| Affected Technologies | SolarWinds Web Help Desk |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 1.4 |
| Exploitation Probability (EPSS) | N/A |
| Affected packages and libraries | cpe:2.3:a:solarwinds:web_help_desk |
Sources
Linux Severity HIGH Has Fix Added at: Jan 29, 2026
Windows Severity HIGH Has Fix Added at: Jan 29, 2026
Wiz
CVE-2025-40551 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-40551 [HIGH] CVE-2025-40551 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40551: SolarWinds Web Help Desk vulnerability analysis and mitigation
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Source: NVD
| Field | Value |
|---|---|
| Score | 9.8 |
| Published | January 28, 2026 |
| Severity | CRITICAL |
| CNA Score | 9.8 |
| High-profile Vulnerability | Yes |
| Affected Technologies | SolarWinds Web Help Desk |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | Yes |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 99.6 |
| Exploitation Probability (EPSS) | 89.5 |
| Affected packages and libraries | cpe:2.3:a:solarwinds:web_help_desk |
Sources
Linux Severity
Wiz
CVE-2025-40554 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-40554 [HIGH] CVE-2025-40554 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40554: SolarWinds Web Help Desk vulnerability analysis and mitigation
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
Source: NVD
| Field | Value |
|---|---|
| Score | 9.8 |
| Published | January 28, 2026 |
| Severity | CRITICAL |
| CNA Score | 9.8 |
| High-profile Vulnerability | Yes |
| Affected Technologies | SolarWinds Web Help Desk |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 90.7 |
| Exploitation Probability (EPSS) | 6.1 |
| Affected packages and libraries | cpe:2.3:a:solarwinds:web_help_desk |
Sources
Linux Severity CRITICAL Has Fix Added at: Jan 29, 2026
Windows Severity CRITICAL Has Fix
Wiz
CVE-2025-40552 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-40552 [HIGH] CVE-2025-40552 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40552: SolarWinds Web Help Desk vulnerability analysis and mitigation
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
Source: NVD
| Field | Value |
|---|---|
| Score | 9.8 |
| Published | January 28, 2026 |
| Severity | CRITICAL |
| CNA Score | 9.8 |
| High-profile Vulnerability | Yes |
| Affected Technologies | SolarWinds Web Help Desk |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 91.8 |
| Exploitation Probability (EPSS) | 7.5 |
| Affected packages and libraries | cpe:2.3:a:solarwinds:web_help_desk |
Sources
Linux Severity CRITICAL Has Fix Added at: Jan 29, 2026
Wi
Greynoiseio
NoiseLetter February 2026
blogs_greynoiseio
NoiseLetter February 2026
- https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40552
- https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553/blob/main/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553.py
Published: 2026-01-28