SolarWinds Web Help Desk Hardcoded Credentials Vulnerability (CVE-2025-40537)

Summary

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.

Affected Products

SolarWinds Web Help Desk 12.8.8 HF1 and all previous versions

Fixed Software Release

SolarWinds Web Help Desk 2026.1

Acknowledgments

Jimi Sebree working with Horizon3.ai

Advisory Details

Severity

High

Advisory ID

CVE-2025-40537

First Published

01/28/2026

Fixed Version

SolarWinds Web Help Desk 2026.1

CVSS Score

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Download PDF

Send an Email