CVE-2025-40554
published 2026-01-28CVE-2025-40554: SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific…
PriorityP194critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEVRansomware
Exploited in the wild
EPSS
58.45%
99.0th percentile
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarwinds | web_help_desk | < 2026.1 | 2026.1 |
| solarwinds | web_help_desk | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2025-40554 is an authentication bypass in SolarWinds Web Help Desk that allows unauthenticated attackers to invoke specific protected actions/methods; monitor for unauthenticated requests to privileged WHD endpoints ↗
- →CVE-2025-40554 was reported by watchTowr researcher Piotr Bazydlo; correlate with related auth-bypass CVE-2025-40552 from the same researcher when hunting for exploitation attempts against Web Help Desk ↗
- →A public exploit exists for CVE-2025-40554; prioritize detection on internet-exposed SolarWinds Web Help Desk instances given EPSS 90.7th percentile and confirmed public exploit availability ↗
- ·Fix was released in SolarWinds Web Help Desk version 2026.1 on January 28, 2026; unpatched instances on both Linux and Windows are affected ↗
- ·CVE-2025-40554 is not currently in CISA KEV, but the closely related CVE-2025-40551 (same product, same patch batch) is actively exploited in the wild; treat the entire WHD patch batch as high-urgency ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jm7r-g967-8pch: SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke s
ghsa_unreviewed·2026-01-28
CVE-2025-40554 [CRITICAL] CWE-1390 GHSA-jm7r-g967-8pch: SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke s
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
VulnCheck
SolarWinds web_help_desk Weak Authentication
vulncheck·2025·CVSS 9.8
CVE-2025-40554 [CRITICAL] SolarWinds web_help_desk Weak Authentication
SolarWinds web_help_desk Weak Authentication
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
Affected: SolarWinds web_help_desk
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://ctrlaltintel.com/research/Qilin/
Exploit PoC: https://vulncheck.com/xdb/deb064ce34e1
No detection rules found.
Nuclei
SolarWinds Web Help Desk - Authentication Bypass
nuclei·CVSS 9.8
CVE-2025-40554 [CRITICAL] SolarWinds Web Help Desk - Authentication Bypass
SolarWinds Web Help Desk - Authentication Bypass
SolarWinds Web Help Desk 12.8.8 HF1 and earlier contains an authentication bypass vulnerability in the WebObjects session handling. By crafting a request with a manipulated path component to an internal admin page endpoint, an unauthenticated attacker can access privileged administrative functions including authentication configuration settings, SAML/CAS setup, and API key management.
Template:
id: CVE-2025-40554
info:
name: SolarWinds Web Help Desk - Authentication Bypass
author: Bushi-gg
severity: critical
description: |
SolarWinds Web Help Desk 12.8.8 HF1 and earlier contains an authentication bypass vulnerability in the WebObjects session handling. By crafting a request with a manipulated path component to an internal admin page endp
Checkpoint
2nd March – Threat Intelligence Report
blogs_checkpoint·2026-03-02
CVE-2025-59536 2nd March – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 2nd March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 2nd March, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Wynn Resorts, a United States-based casino and hotel operator, has confirmed that employee data was accessed following an extortion threat linked to ShinyHunters. The company said operations were not disrupted. Reports indicate the stolen dataset includes HR-related information, including contact details and employment records f
Bleepingcomputer
CISA flags critical SolarWinds RCE flaw as exploited in attacks
blogs_bleepingcomputer·2026-02-03·CVSS 7.5
CVE-2025-40551 [HIGH] CISA flags critical SolarWinds RCE flaw as exploited in attacks
## CISA flags critical SolarWinds RCE flaw as exploited in attacks
## Sergiu Gatlan
CISA has flagged a critical SolarWinds Web Help Desk vulnerability as actively exploited in attacks and ordered federal agencies to patch their systems within three days.
Tracked as CVE-2025-40551 , this security flaw stems from an untrusted data deserialization weakness discovered and reported by Horizon3.ai security researcher Jimi Sebree , which can allow unauthenticated attackers to gain remote command execution on unpatched devices.
"SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution which would allow an attacker to run commands on the host machine," the company explained on January 28 when it released Web
Bleepingcomputer
SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
blogs_bleepingcomputer·2026-01-28·CVSS 9.8
CVE-2025-40552 [CRITICAL] SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
## SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
## Sergiu Gatlan
SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software.
The authentication bypass security flaws (tracked as CVE-2025-40552 and CVE-2025-40554 ) patched today by SolarWinds were reported by watchTowr's Piotr Bazydlo and can be exploited by remote unauthenticated threat actors in low-complexity attacks.
Bazydlo also found and reported a critical remote code execution (RCE) flaw ( CVE-2025-40553 ) stemming from an untrusted data deserialization weakness that can enable attackers without privileges to run commands on vulnerable hosts.
A second RCE vulnerability ( CVE-2025-40551 ) reported by
Wiz
CVE-2025-40553 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-40553 [HIGH] CVE-2025-40553 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40553 :
SolarWinds Web Help Desk vulnerability analysis and mitigation
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Source : NVD
## 9.8
Score
Published January 28, 2026
Severity CRITICAL
CNA Score 9.8
High-profile Vulnerability Yes
Affected Technologies
SolarWinds Web Help Desk
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 94.4
Exploitation Probability (EPSS) 14.5
Affected packages and libraries
cpe:2.3:a:solarwinds:web_help_desk
Sources
Linux Severity
Wiz
CVE-2025-40536 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
CVE-2025-40536 [HIGH] CVE-2025-40536 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40536 :
SolarWinds Web Help Desk vulnerability analysis and mitigation
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
Source : NVD
## 9.8
Score
Published January 28, 2026
Severity CRITICAL
CNA Score 8.1
High-profile Vulnerability Yes
Affected Technologies
SolarWinds Web Help Desk
Has Public Exploit Yes
Has CISA KEV Exploit Yes
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 98.6
Exploitation Probability (EPSS) 68.3
Affected packages and libraries
cpe:2.3:a:solarwinds:web_help_desk
Sources
Linux Severity CRITICAL Has Fix Added at: Jan 29, 2026
Windows Seve
Wiz
CVE-2025-40537 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-40537 [HIGH] CVE-2025-40537 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40537 :
SolarWinds Web Help Desk vulnerability analysis and mitigation
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.
Source : NVD
## 7.5
Score
Published January 28, 2026
Severity HIGH
CNA Score 7.5
High-profile Vulnerability Yes
Affected Technologies
SolarWinds Web Help Desk
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:solarwinds:web_help_desk
Sources
Linux Severity HIGH Has Fix Added at: Jan 29, 2026
Windows Severity HIGH Has Fix Added at: Jan 29, 2026
#
Wiz
CVE-2025-40551 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-40551 [HIGH] CVE-2025-40551 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40551 :
SolarWinds Web Help Desk vulnerability analysis and mitigation
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Source : NVD
## 9.8
Score
Published January 28, 2026
Severity CRITICAL
CNA Score 9.8
High-profile Vulnerability Yes
Affected Technologies
SolarWinds Web Help Desk
Has Public Exploit Yes
Has CISA KEV Exploit Yes
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 99.6
Exploitation Probability (EPSS) 89.5
Affected packages and libraries
cpe:2.3:a:solarwinds:web_help_desk
Sources
Linux Severity
Wiz
CVE-2025-40554 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-40554 [HIGH] CVE-2025-40554 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40554 :
SolarWinds Web Help Desk vulnerability analysis and mitigation
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
Source : NVD
## 9.8
Score
Published January 28, 2026
Severity CRITICAL
CNA Score 9.8
High-profile Vulnerability Yes
Affected Technologies
SolarWinds Web Help Desk
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 90.7
Exploitation Probability (EPSS) 6.1
Affected packages and libraries
cpe:2.3:a:solarwinds:web_help_desk
Sources
Linux Severity CRITICAL Has Fix Added at: Jan 29, 2026
Windows Severity CRITICAL Has Fix
Wiz
CVE-2025-40552 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-40552 [HIGH] CVE-2025-40552 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40552 :
SolarWinds Web Help Desk vulnerability analysis and mitigation
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
Source : NVD
## 9.8
Score
Published January 28, 2026
Severity CRITICAL
CNA Score 9.8
High-profile Vulnerability Yes
Affected Technologies
SolarWinds Web Help Desk
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 91.8
Exploitation Probability (EPSS) 7.5
Affected packages and libraries
cpe:2.3:a:solarwinds:web_help_desk
Sources
Linux Severity CRITICAL Has Fix Added at: Jan 29, 2026
Wi
2026-01-28
Published
Exploited in the wild