How to fix CVE-2025-40554?

Within 24 hours: Identify all Web Help Desk instances in your environment and assess exposure; implement network segmentation to restrict access to trusted IPs only. Within 7 days: Deploy WAF rules to block suspicious action invocation patterns; enable enhanced logging and monitoring for Web Help Desk activity; disable non-essential helpdesk features if operationally feasible. Within 30 days: Establish daily vendor communication cadence for patch availability; evaluate alternative helpdesk solutions as contingency; conduct comprehensive audit of helpdesk access logs for signs of compromise.

Is Web Help Desk affected by CVE-2025-40554?

A critical vulnerability (CVSS 9.8) in Web Help Desk enables attackers to execute unauthorized actions within the platform, potentially compromising all helpdesk operations and sensitive data.

CVE-2025-40554

CRITICAL

2026-01-28 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 28, 2026 - 08:16 nvd

CRITICAL 9.8

Description

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

Analysis

SolarWinds Web Help Desk has a second authentication bypass (EPSS 7.8%) providing yet another path to unauthenticated admin access.

Technical Context

Another CWE-1390 weak authentication vulnerability in SolarWinds WHD, the fourth critical vulnerability in the series. Two deserialization RCEs and two auth bypasses make the application fundamentally insecure.

Affected Products

['SolarWinds Web Help Desk']

Remediation

Patch all four vulnerabilities. Consider migrating to an alternative helpdesk solution given the systemic security issues.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +7.8

CVSS: +49

POC: 0

CVE-2025-40554 vulnerability details – vuln.today

Back

CVE-2025-40554

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-40554

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code