CVE-2025-40554
published 2026-01-28

Priority: P1 94 · Critical 9.8 · CVSS 3.1
CVSS vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW · Exploit · VulnCheck KEV · Ransomware
Exploited in the wild
EPSS: 58.45% (99.0th percentile)
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

Affected (2 ranges)

Vendor      Product        Version range   Fixed in
solarwinds  web_help_desk  < 2026.1        2026.1
solarwinds  web_help_desk

Detection & IOCs (extracted from sources)

  • CVE-2025-40554 is an authentication bypass in SolarWinds Web Help Desk that allows unauthenticated attackers to invoke specific protected actions/methods; monitor for unauthenticated requests to privileged WHD endpoints
  • CVE-2025-40554 was reported by watchTowr researcher Piotr Bazydlo; correlate with related auth-bypass CVE-2025-40552 from the same researcher when hunting for exploitation attempts against Web Help Desk
  • A public exploit exists for CVE-2025-40554; prioritize detection on internet-exposed SolarWinds Web Help Desk instances given EPSS 90.7th percentile and confirmed public exploit availability
  • Fix was released in SolarWinds Web Help Desk version 2026.1 on January 28, 2026; unpatched instances on both Linux and Windows are affected
  • CVE-2025-40554 is not currently in CISA KEV, but the closely related CVE-2025-40551 (same product, same patch batch) is actively exploited in the wild; treat the entire WHD patch batch as high-urgency

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.1     9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck           9.8    CRITICAL