AI description
CVE-2025-40554 is an authentication bypass vulnerability found in SolarWinds Web Help Desk (WHD). This flaw allows an attacker to invoke specific internal actions within the WHD platform without proper authorization. Successful exploitation of CVE-2025-40554 could lead to unauthorized access to sensitive functionality within the Web Help Desk system. Some reports indicate that this authentication bypass could potentially be leveraged to achieve remote code execution (RCE).
- Description
- SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
- Source
- psirt@solarwinds.com
- NVD status
- Undergoing Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@solarwinds.com
- CWE-1390
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
11
‼️ SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554 CVSS: All 9.8 CVEs Published: January 28th, 2026 CVE-2025-40551: SolarWinds Web Help Desk was found to be susceptible to an untrusted data
@DarkWebInformer
29 Jan 2026
2481 Impressions
6 Retweets
10 Likes
9 Bookmarks
1 Reply
0 Quotes
CVE-2025-40554 – SolarWinds Web Help Desk Auth Bypass PoC https://t.co/U1MFYmG3fE https://t.co/UEkAByuyCf
@d4rk_c0r3
29 Jan 2026
200 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
#SolarWinds released Security Update to address an Authentication Bypass Vulnerability in SolarWinds Web Help Desk. Apply Update! #CVE-2025-40554 https://t.co/0plI8gFYB0
@NCIIPC
29 Jan 2026
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
On January 28, 2026, SolarWinds disclosed multiple vulnerabilities in their Web Help Desk product, including four critical CVEs (CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554) allowing unauthenticated remote code execution or authentic... https://t.co/wNVNK3Es3P
@securityRSS
29 Jan 2026
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds Web Help Desk Authentication Bypass Vulnerability (CVE-2025-40554) Download PDF URL: https://t.co/SWN8YzaUnP Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8
@samilaiho
29 Jan 2026
350 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 2 critical authentication bypass and remote command execution vulnerabilities in Solarwinds WHD have been disclosed. Vulnerability detection scripts can be found below: CVE-2025-40552: https://t.co/DP8KOoSq0t CVE-2025-40554: https://t.co/aWhxx3gsMa At the time of writing
@rxerium
29 Jan 2026
3145 Impressions
14 Retweets
63 Likes
37 Bookmarks
2 Replies
0 Quotes
SolarWinds has just announced four high-severity vulnerabilities in its Web Help Desk (WHD). CVE-2025-40551 & CVE-2025-40553 (Unauthenticated RCE) CVE-2025-40552 & CVE-2025-40554 (Auth Bypass) https://t.co/pR8mqjT5NL https://t.co/j3F2jxa30N
@TheHackerWire
28 Jan 2026
84 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨🚨🚨 『if exploited, could allow an attacker to invoke specific actions within Web Help Desk.』 SolarWinds Web Help Desk Authentication Bypass Vulnerability (CVE-2025-40554) https://t.co/TBD2igKgYQ
@autumn_good_35
28 Jan 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40554 SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions … https://t.co/HHw99QpeJS
@CVEnew
28 Jan 2026
190 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes