CVE-2025-40552

SolarWinds Web Help Desk Authentication Bypass Vulnerability

CVSS 9.8 CRITICAL | EPSS 51.7% | CWE-1390
In short

SolarWinds Web Help Desk has a security flaw that lets attackers bypass login requirements and access protected features without valid credentials. This is critical because it allows unauthorized users to perform any action on the system.

Technical detail

An authentication bypass vulnerability in SolarWinds Web Help Desk permits unauthenticated attackers to invoke protected methods and execute administrative actions, circumventing access controls. The vulnerability enables direct exploitation without credential requirements, resulting in complete compromise of system functionality and data access.

Summary generated and translated by AI from the official description.
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H