CVE-2025-40554

Published: Jan 28, 2026Modified: Feb 3, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: psirt@solarwinds.com

Description

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

Affected (1)

Products: Solarwinds: Web Help Desk

Solarwinds

1 product

Web Help Desk

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Web Help Desk	Before 2026.1

Related CWEs

CWE-1390

Weak Authentication

The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.

References (2)

https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm

Source: psirt@solarwinds.com

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40554

Source: psirt@solarwinds.com

Vendor Advisory

Timeline

No history available yet.