Skip to main content

Web Help Desk CVE-2025-40552

CRITICAL
Weak Authentication (CWE-1390)
2026-01-28 psirt@solarwinds.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 28, 2026 - 08:16 nvd
CRITICAL 9.8

DescriptionCVE.org

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.

AnalysisAI

SolarWinds Web Help Desk has an authentication bypass vulnerability (EPSS 9.9%) that allows unauthenticated attackers to gain admin access to the helpdesk system.

Technical ContextAI

SolarWinds WHD has a CWE-1390 weak authentication vulnerability that allows attackers to bypass authentication and gain administrative access without credentials.

RemediationAI

Patch all four WHD vulnerabilities simultaneously. Assume compromise if running affected versions.

CVE-2025-40551 CRITICAL POC
9.8 Jan 28

SolarWinds Web Help Desk contains an unauthenticated Java deserialization vulnerability (CVE-2025-40551, CVSS 9.8) that

CVE-2025-40536 HIGH POC
8.1 Jan 28

SolarWinds Web Help Desk contains a security control bypass vulnerability (CVE-2025-40536) that allows unauthenticated a

CVE-2025-40554 CRITICAL POC
9.8 Jan 28

SolarWinds Web Help Desk has a second authentication bypass (EPSS 7.8%) providing yet another path to unauthenticated ad

CVE-2024-28986 CRITICAL POC
9.8 Aug 13

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that,

CVE-2024-28987 CRITICAL POC
9.1 Aug 21

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthe

CVE-2025-40553 CRITICAL
9.8 Jan 28

SolarWinds Web Help Desk has a second deserialization vulnerability (EPSS 11.9%) providing another unauthenticated RCE p

CVE-2024-28988 CRITICAL
9.8 Sep 01

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that,

CVE-2026-28299 HIGH
8.2 Jun 02

Denial-of-service in SolarWinds Web Help Desk allows remote unauthenticated attackers to crash the server by exhausting

CVE-2025-40537 HIGH
7.5 Jan 28

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situat

CVE-2021-35243 HIGH
7.5 Dec 23

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to exe

CVE-2024-28989 MEDIUM
5.5 Feb 11

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive in

CVE-2024-45709 MEDIUM
5.5 Dec 10

SolarWinds Web Help Desk was susceptible to a local file read vulnerability. Rated medium severity (CVSS 5.5), this vuln

Share

CVE-2025-40552 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy