Critical Vulnerabilities in SolarWinds Web Help Desk

Background

SolarWinds has released security updates addressing multiple critical vulnerabilities (CVE-2025-40551, CVE-2025-40552, CVE-2025-40554, CVE-2025-40554) in their SolarWinds Web Help Desk. The vulnerabilities have a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10. 

Impact

The vulnerabilities are:

• CVE-2025-40551 - Successful exploitation of this untrusted data deserialisation vulnerability could allow an unauthenticated attacker to run commands on the host machine. 

• CVE-2025-40552 - Successful exploitation of this authentication bypass vulnerability could allow an unauthenticated attacker to execute actions and methods. 

• CVE-2025-40553 - Successful exploitation of this untrusted data deserialisation vulnerability could allow an unauthenticated attacker to run commands on the host machine.  

• CVE-2025-40554 - Successful exploitation of this authentication bypass vulnerability could allow an attacker to invoke specific actions within Web Help Desk. 

Affected Products

The vulnerabilities affect SolarWinds Web Help Desk 12.8.8 HF1 and all previous versions.

Mitigation

Users and administrators of affected products are advised to update to the latest version immediately.

References

https://nvd.nist.gov/vuln/detail/cve-2025-40551

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40551

https://nvd.nist.gov/vuln/detail/CVE-2025-40552

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40552

https://nvd.nist.gov/vuln/detail/CVE-2025-40553

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40553

https://nvd.nist.gov/vuln/detail/CVE-2025-40554

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40554

https://securityaffairs.com/187470/security/solarwinds-addressed-four-critical-web-help-desk-flaws.html