SolarWinds Web Help Desk Authentication Bypass Vulnerability

(CVE-2025-40552)

Summary

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.

Affected Products

SolarWinds Web Help Desk 12.8.8 HF1 and all previous versions

Fixed Software Release

SolarWinds Web Help Desk 2026.1

Acknowledgments

Piotr Bazydlo working with watchTowr

Advisory Details

Severity

9.8 Critical

Advisory ID

CVE-2025-40552

First Published

01/28/2026

Fixed Version

SolarWinds Web Help Desk 2026.1

CVSS Score

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H