CVE-2025-40554
SolarWinds Web Help Desk Authentication Bypass Vulnerability
In short
SolarWinds Web Help Desk has a flaw that lets attackers skip authentication and perform actions they should not be able to perform. This is critical because it gives unauthorized access to a system meant to manage support tickets and user data.
Technical detail
An authentication bypass vulnerability in SolarWinds Web Help Desk allows unauthenticated attackers to invoke arbitrary actions without valid credentials. The vulnerability bypasses the authentication mechanism entirely, granting unauthorized access to sensitive functions and data within the application.
Summary generated and translated by AI from the official description.
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
SolarWinds · Web Help Desk
Public PoCs found: 2
github.com/imbas007/auth-bypass-CVE-2025-40554 (★ 1)
github.com/Skynoxk/CVE-2025-40554 (★ 1)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.