SolarWinds Web Help Desk Authentication Bypass Vulnerability_CVE-2025-40554

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

Basic Information

ID CVE-2025-40554

Source SolarWinds

Published Jan 28, 2026 at 07:36

Affected Product

Vendor SolarWinds

Product Web Help Desk

Version 12.8.8 HF1 and below

Affected Versions SolarWinds Web Help Desk 12.8.8 HF1 and below

CWE Classification

CWE-1390

References

{
    "lastseen": "",
    "description": "SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.",
    "published": "2026-01-28T07:36:50.177Z",
    "modified": "2026-01-28T07:36:50.177Z",
    "type": "cve",
    "title": "SolarWinds Web Help Desk Authentication Bypass Vulnerability",
    "source": "SolarWinds",
    "references": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40554\nhttps://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm",
    "id": "CVE-2025-40554",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1390"
    ],
    "cvelist": null,
    "sourceData": "SolarWinds Web Help Desk 12.8.8 HF1 and below",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Web Help Desk",
    "version": "12.8.8 HF1 and below",
    "vendor": "SolarWinds",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}