SolarWinds Web Help Desk Authentication Bypass Vulnerability

(CVE-2025-40554)

Summary

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

Affected Products

SolarWinds Web Help Desk 12.8.8 HF1 and all previous versions

Fixed Software Release

SolarWinds Web Help Desk 2026.1

Acknowledgments

Piotr Bazydlo working with watchTowr

Advisory Detail

Severity

9.8 Critical

Advisory ID

CVE-2025-40554

First Published

01/28/2026

Fixed Version

SolarWinds Web Help Desk 2026.1

CVSS Score

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H