top of page
Search

SolarWinds Addresses Critical Vulnerabilities in Web Help Desk

  • Jan 29
  • 1 min read

Key Findings


  • SolarWinds has released security updates to address six vulnerabilities in their Web Help Desk product, including four critical flaws.

  • The four critical vulnerabilities could be exploited without authentication to achieve remote code execution (RCE) or bypass authentication:

  • CVE-2025-40551 (CVSS 9.8) - Unauthenticated RCE via deserialization of untrusted data

  • CVE-2025-40552 (CVSS 9.8) - Authentication bypass to execute actions and methods

  • CVE-2025-40553 (CVSS 9.8) - Unauthenticated RCE via deserialization of untrusted data

  • CVE-2025-40554 (CVSS 9.8) - Authentication bypass to invoke specific actions


Background


  • The vulnerabilities were discovered and reported by researchers from watchTowr and Horizon3.ai.

  • In recent years, SolarWinds has released fixes for several other flaws in its Web Help Desk software, including ones that were actively exploited in the wild.

  • Due to the critical nature and lack of authentication requirements, the vulnerabilities pose a severe risk to affected systems if not patched promptly.


Impact


  • Successful exploitation of the RCE vulnerabilities (CVE-2025-40551 and CVE-2025-40553) could allow an unauthenticated attacker to execute arbitrary commands on the host system.

  • The authentication bypass flaws (CVE-2025-40552 and CVE-2025-40554) could give an attacker broad control over the application and access to sensitive functionality.

  • Together, these vulnerabilities highlight systemic weaknesses in authentication, authorization, and secure coding practices within SolarWinds Web Help Desk.


Recommended Actions


  • SolarWinds customers are urged to update to Web Help Desk version 2026.1 as soon as possible to address these critical vulnerabilities.

  • IT teams should closely monitor for any indicators of compromise and ensure all systems are properly patched and secured.

  • Organizations should review their vulnerability management and patch deployment processes to quickly address high-risk flaws in mission-critical applications.


Sources


  • https://securityaffairs.com/187470/security/solarwinds-addressed-four-critical-web-help-desk-flaws.html

  • https://thehackernews.com/2026/01/solarwinds-fixes-four-critical-web-help.html

  • https://www.securityweek.com/solarwinds-patches-critical-web-help-desk-vulnerabilities/amp/

  • https://www.ctrlaltnod.com/news/solarwinds-fixes-critical-web-help-desk-rce-flaws-under-attack/

  • https://www.bleepingcomputer.com/news/security/solarwinds-warns-of-critical-web-help-desk-rce-auth-bypass-flaws/

Recent Posts

See All
Defeating AI with AI

Key Findings Generative AI and agentic AI are increasingly used by threat actors to conduct faster and more targeted attacks. One capability that AI improves for threat actors is the ability to profil

 
 
 

Comments

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page