CVE-2025-40552

Published Jan 28, 2026

Last updated 20 hours ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-40552 is an authentication bypass vulnerability affecting SolarWinds Web Help Desk. This flaw allows a remote, unauthenticated attacker to circumvent the application's access controls. By exploiting CVE-2025-40552, an attacker can execute actions and methods within the Web Help Desk application that are typically restricted to authenticated users, potentially gaining broad control over the application.

Description: SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
Source: psirt@solarwinds.com
NVD status: Undergoing Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

CWE-1390 (source: psirt@solarwinds.com)

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 11

  1. ‼️ SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554 CVSS: All 9.8 CVEs Published: January 28th, 2026 CVE-2025-40551: SolarWinds Web Help Desk was found to be susceptible to an untrusted data

    @DarkWebInformer

    29 Jan 2026

    2481 Impressions

    6 Retweets

    10 Likes

    9 Bookmarks

    1 Reply

    0 Quotes

  2. #SolarWinds released Security Update to address an Authentication Bypass Vulnerability in SolarWinds Web Help Desk. Apply Update! #CVE-2025-40552 https://t.co/SUy6Qwe0BJ

    @NCIIPC

    29 Jan 2026

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. On January 28, 2026, SolarWinds disclosed multiple vulnerabilities in their Web Help Desk product, including four critical CVEs (CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554) allowing unauthenticated remote code execution or authentic... https://t.co/wNVNK3Es3P

    @securityRSS

    29 Jan 2026

    83 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. SolarWinds Web Help Desk Authentication Bypass Vulnerability (CVE-2025-40552) URL: https://t.co/G7l6Fe8lbT Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8

    @samilaiho

    29 Jan 2026

    379 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 2 critical authentication bypass and remote command execution vulnerabilities in Solarwinds WHD have been disclosed. Vulnerability detection scripts can be found below: CVE-2025-40552: https://t.co/DP8KOoSq0t CVE-2025-40554: https://t.co/aWhxx3gsMa At the time of writing

    @rxerium

    29 Jan 2026

    3145 Impressions

    14 Retweets

    63 Likes

    37 Bookmarks

    2 Replies

    0 Quotes

  6. Security Bulletin: SolarWinds WHD (CVE-2025-40552, CVSS 9.8) allows authentication bypass via improper access controls. Upgrade to 2026.1 now. #ThreatIntel #RedLeggCTI https://t.co/uZZyGhiBuW

    @RedLegg

    28 Jan 2026

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. SolarWinds has just announced four high-severity vulnerabilities in its Web Help Desk (WHD). CVE-2025-40551 & CVE-2025-40553 (Unauthenticated RCE) CVE-2025-40552 & CVE-2025-40554 (Auth Bypass) https://t.co/pR8mqjT5NL https://t.co/j3F2jxa30N

    @TheHackerWire

    28 Jan 2026

    84 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes