CVE-2025-40554
Published Jan 28, 2026
Last updated 3 months ago
AI description
CVE-2025-40554 is an authentication bypass vulnerability found in SolarWinds Web Help Desk (WHD). This flaw allows an attacker to invoke specific internal actions within the WHD platform without proper authorization. Successful exploitation of CVE-2025-40554 could lead to unauthorized access to sensitive functionality within the Web Help Desk system. Some reports indicate that this authentication bypass could potentially be leveraged to achieve remote code execution (RCE).
- Description: SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
- Source: psirt@solarwinds.com
- NVD status: Analyzed
- Products: web_help_desk
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@solarwinds.com: CWE-1390
- Hype score: Not currently trending
19 new OPEN, 30 new PRO (19 + 11) BMC FootPrints (CVE-2025-71257, CVE-2025-71258, CVE-2025-71259, CVE-2025-21760), LandUpdate808, Lumma Stealer, Proxy Service Domains, SolarWinds (CVE-2025-40554), UNK_VaporVibes, XWorm, ZPHP https://t.co/ctcX3iqW8K
@ET_Labs
18 Mar 2026
374 Impressions
3 Retweets
3 Likes
2 Bookmarks
0 Replies
0 Quotes
#Research Vulnerabilities in SolarWinds Web Help Desk CVE-2025-40552 - Authentication Bypass CVE-2025-40553 - Remote Code Execution via Deserialization CVE-2025-40554 - Authentication Bypass https://t.co/s5IQzSOACw https://t.co/bNRCyjHn5I
@blackorbird
27 Feb 2026
1800 Impressions
7 Retweets
25 Likes
9 Bookmarks
0 Replies
1 Quote
🚨 CVE-2025-40554 - critical 🚨 SolarWinds Web Help Desk - Authentication Bypass > SolarWinds Web Help Desk 12.8.8 HF1 and earlier contains an authentication bypass vul... 👾 https://t.co/AOkS12JlD4 @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
17 Feb 2026
161 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-40554 disclosed: a security flaw enabling unauthorized actions under certain conditions. Vendors notified; patch guidance provided. Admins should review and update ASAP. POC: https://t.co/Iesxk6Y79q #infosec #CVE https://t.co/ivdE0Hbr4K
@nkprorhah
2 Feb 2026
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds Fixes Critical Web Help Desk Bugs Enabling Auth Bypass and Remote Code Execution SolarWinds patched multiple WHD flaws (fixed in Web Help Desk 2026.1) including auth bypass (CVE-2025-40552, CVE-2025-40554) and unsafe deserialization RCE (CVE-2025-40553,
@ThreatSynop
30 Jan 2026
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554 CVSS: All 9.8 CVEs Published: January 28th, 2026 CVE-2025-40551: SolarWinds Web Help Desk was found to be susceptible to an untrusted data
@DarkWebInformer
29 Jan 2026
2877 Impressions
7 Retweets
17 Likes
12 Bookmarks
2 Replies
0 Quotes
CVE-2025-40554 – SolarWinds Web Help Desk Auth Bypass PoC https://t.co/U1MFYmG3fE https://t.co/UEkAByuyCf
@d4rk_c0r3
29 Jan 2026
207 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
#SolarWinds released Security Update to address an Authentication Bypass Vulnerability in SolarWinds Web Help Desk. Apply Update! #CVE-2025-40554 https://t.co/0plI8gFYB0
@NCIIPC
29 Jan 2026
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
On January 28, 2026, SolarWinds disclosed multiple vulnerabilities in their Web Help Desk product, including four critical CVEs (CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554) allowing unauthenticated remote code execution or authentic... https://t.co/wNVNK3Es3P
@securityRSS
29 Jan 2026
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds Web Help Desk Authentication Bypass Vulnerability (CVE-2025-40554) Download PDF URL: https://t.co/SWN8YzaUnP Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8
@samilaiho
29 Jan 2026
350 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 2 critical authentication bypass and remote command execution vulnerabilities in Solarwinds WHD have been disclosed. Vulnerability detection scripts can be found below: CVE-2025-40552: https://t.co/DP8KOoSq0t CVE-2025-40554: https://t.co/aWhxx3gsMa At the time of writing
@rxerium
29 Jan 2026
3145 Impressions
14 Retweets
63 Likes
37 Bookmarks
2 Replies
0 Quotes
SolarWinds has just announced four high-severity vulnerabilities in its Web Help Desk (WHD). CVE-2025-40551 & CVE-2025-40553 (Unauthenticated RCE) CVE-2025-40552 & CVE-2025-40554 (Auth Bypass) https://t.co/pR8mqjT5NL https://t.co/j3F2jxa30N
@TheHackerWire
28 Jan 2026
84 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨🚨🚨 『if exploited, could allow an attacker to invoke specific actions within Web Help Desk.』 SolarWinds Web Help Desk Authentication Bypass Vulnerability (CVE-2025-40554) https://t.co/TBD2igKgYQ
@autumn_good_35
28 Jan 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40554 SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions … https://t.co/HHw99QpeJS
@CVEnew
28 Jan 2026
190 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F7CADB33-214C-441A-BB62-64811EBBEB29",
            "versionEndExcluding": "2026.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]