CVSS: All 9.8
CVEs Published: January 28th, 2026
CVE-2025-40551: SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
CVE-2025-40552: SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
CVE-2025-40553: SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
CVE-2025-40554: SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
Advisories:
https://nvd.nist.gov/vuln/detail/CVE-2025-40551
https://nvd.nist.gov/vuln/detail/CVE-2025-40552
https://nvd.nist.gov/vuln/detail/CVE-2025-40553
https://nvd.nist.gov/vuln/detail/CVE-2025-40554
