CVE-2025-40554
Published Jan 28, 2026
Last updated a month ago
- Description
- SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
- Source
- psirt@solarwinds.com
- NVD status
- Analyzed
- Products
- web_help_desk
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@solarwinds.com
- CWE-1390
- Hype score
- Not currently trending
#Research Vulnerabilities in SolarWinds Web Help Desk CVE-2025-40552 - Authentication Bypass CVE-2025-40553 - Remote Code Execution via Deserialization CVE-2025-40554 - Authentication Bypass https://t.co/s5IQzSOACw https://t.co/bNRCyjHn5I
@blackorbird
27 Feb 2026
1800 Impressions
7 Retweets
25 Likes
9 Bookmarks
0 Replies
1 Quote
🚨 CVE-2025-40554 - critical 🚨 SolarWinds Web Help Desk - Authentication Bypass > SolarWinds Web Help Desk 12.8.8 HF1 and earlier contains an authentication bypass vul... 👾 https://t.co/AOkS12JlD4 @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
17 Feb 2026
161 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-40554 disclosed: a security flaw enabling unauthorized actions under certain conditions. Vendors notified; patch guidance provided. Admins should review and update ASAP. POC: https://t.co/Iesxk6Y79q #infosec #CVE https://t.co/ivdE0Hbr4K
@nkprorhah
2 Feb 2026
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds Fixes Critical Web Help Desk Bugs Enabling Auth Bypass and Remote Code Execution SolarWinds patched multiple WHD flaws (fixed in Web Help Desk 2026.1) including auth bypass (CVE-2025-40552, CVE-2025-40554) and unsafe deserialization RCE (CVE-2025-40553,
@ThreatSynop
30 Jan 2026
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ SolarWinds Web Help Desk RCE Hit by Multiple Critical Security Flaws; CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554 CVSS: All 9.8 CVEs Published: January 28th, 2026 CVE-2025-40551: SolarWinds Web Help Desk was found to be susceptible to an untrusted data
@DarkWebInformer
29 Jan 2026
2877 Impressions
7 Retweets
17 Likes
12 Bookmarks
2 Replies
0 Quotes
CVE-2025-40554 – SolarWinds Web Help Desk Auth Bypass PoC https://t.co/U1MFYmG3fE https://t.co/UEkAByuyCf
@d4rk_c0r3
29 Jan 2026
207 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
#SolarWinds released Security Update to address an Authentication Bypass Vulnerability in SolarWinds Web Help Desk. Apply Update! #CVE-2025-40554 https://t.co/0plI8gFYB0
@NCIIPC
29 Jan 2026
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
On January 28, 2026, SolarWinds disclosed multiple vulnerabilities in their Web Help Desk product, including four critical CVEs (CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554) allowing unauthenticated remote code execution or authentic... https://t.co/wNVNK3Es3P
@securityRSS
29 Jan 2026
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds Web Help Desk Authentication Bypass Vulnerability (CVE-2025-40554) Download PDF URL: https://t.co/SWN8YzaUnP Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8
@samilaiho
29 Jan 2026
350 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 2 critical authentication bypass and remote command execution vulnerabilities in Solarwinds WHD have been disclosed. Vulnerability detection scripts can be found below: CVE-2025-40552: https://t.co/DP8KOoSq0t CVE-2025-40554: https://t.co/aWhxx3gsMa At the time of writing
@rxerium
29 Jan 2026
3145 Impressions
14 Retweets
63 Likes
37 Bookmarks
2 Replies
0 Quotes
SolarWinds has just announced four high-severity vulnerabilities in its Web Help Desk (WHD). CVE-2025-40551 & CVE-2025-40553 (Unauthenticated RCE) CVE-2025-40552 & CVE-2025-40554 (Auth Bypass) https://t.co/pR8mqjT5NL https://t.co/j3F2jxa30N
@TheHackerWire
28 Jan 2026
84 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨🚨🚨 『if exploited, could allow an attacker to invoke specific actions within Web Help Desk.』 SolarWinds Web Help Desk Authentication Bypass Vulnerability (CVE-2025-40554) https://t.co/TBD2igKgYQ
@autumn_good_35
28 Jan 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40554 SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions … https://t.co/HHw99QpeJS
@CVEnew
28 Jan 2026
190 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CADB33-214C-441A-BB62-64811EBBEB29",
"versionEndExcluding": "2026.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]