CVE-2025-40552
Published Jan 28, 2026
Last updated 18 days ago
- Description
- SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
- Source
- psirt@solarwinds.com
- NVD status
- Modified
- Products
- web_help_desk
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@solarwinds.com
- CWE-1390
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2024-35202 2 - CVE-2019-12735 3 - CVE-2025-40552 4 - CVE-2026-21253 5 - CVE-2026-28515 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
28 Feb 2026
263 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Research Vulnerabilities in SolarWinds Web Help Desk CVE-2025-40552 - Authentication Bypass CVE-2025-40553 - Remote Code Execution via Deserialization CVE-2025-40554 - Authentication Bypass https://t.co/s5IQzSOACw https://t.co/bNRCyjHn5I
@blackorbird
27 Feb 2026
1800 Impressions
7 Retweets
25 Likes
9 Bookmarks
0 Replies
1 Quote
🚨 CVE-2025-40552 - critical 🚨 SolarWinds Web Help Desk - Authentication Bypass > SolarWinds Web Help Desk contains an authentication bypass vulnerability caused by im... 👾 https://t.co/vtKTOUTMi4 @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
26 Feb 2026
181 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 SolarWinds Fixes Critical Web Help Desk Bugs Enabling Auth Bypass and Remote Code Execution SolarWinds patched multiple WHD flaws (fixed in Web Help Desk 2026.1) including auth bypass (CVE-2025-40552, CVE-2025-40554) and unsafe deserialization RCE (CVE-2025-40553,
@ThreatSynop
30 Jan 2026
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds Fixes 4 Critical Web Help Desk Flaws Enabling Unauthenticated RCE & Auth Bypass SolarWinds patched six Web Help Desk vulnerabilities, including four critical (CVSS 9.8) issues that allow unauthenticated attackers to bypass authentication (CVE-2025-40552,
@ThreatSynop
30 Jan 2026
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554 CVSS: All 9.8 CVEs Published: January 28th, 2026 CVE-2025-40551: SolarWinds Web Help Desk was found to be susceptible to an untrusted data
@DarkWebInformer
29 Jan 2026
2877 Impressions
7 Retweets
17 Likes
12 Bookmarks
2 Replies
0 Quotes
#SolarWinds released Security Update to address an Authentication Bypass Vulnerability in SolarWinds Web Help Desk. Apply Update! #CVE-2025-40552 https://t.co/SUy6Qwe0BJ
@NCIIPC
29 Jan 2026
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
On January 28, 2026, SolarWinds disclosed multiple vulnerabilities in their Web Help Desk product, including four critical CVEs (CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554) allowing unauthenticated remote code execution or authentic... https://t.co/wNVNK3Es3P
@securityRSS
29 Jan 2026
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds Web Help Desk Authentication Bypass Vulnerability (CVE-2025-40552) URL: https://t.co/G7l6Fe8lbT Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8
@samilaiho
29 Jan 2026
379 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 2 critical authentication bypass and remote command execution vulnerabilities in Solarwinds WHD have been disclosed. Vulnerability detection scripts can be found below: CVE-2025-40552: https://t.co/DP8KOoSq0t CVE-2025-40554: https://t.co/aWhxx3gsMa At the time of writing
@rxerium
29 Jan 2026
3145 Impressions
14 Retweets
63 Likes
37 Bookmarks
2 Replies
0 Quotes
Security Bulletin: SolarWinds WHD (CVE-2025-40552, CVSS 9.8) allows authentication bypass via improper access controls. Upgrade to 2026.1 now. #ThreatIntel #RedLeggCTI https://t.co/uZZyGhiBuW
@RedLegg
28 Jan 2026
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds has just announced four high-severity vulnerabilities in its Web Help Desk (WHD). CVE-2025-40551 & CVE-2025-40553 (Unauthenticated RCE) CVE-2025-40552 & CVE-2025-40554 (Auth Bypass) https://t.co/pR8mqjT5NL https://t.co/j3F2jxa30N
@TheHackerWire
28 Jan 2026
84 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CADB33-214C-441A-BB62-64811EBBEB29",
"versionEndExcluding": "2026.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]