VDB
CVE-2025-40552
CVE-2025-40552
PUBLISHED
CVSS 9.800000190734863 CRITICAL
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
EPSS 8.55% · 92.6th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
8.55%
92.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| solarwinds | web_help_desk | 0 |
| SolarWinds | Web Help Desk | 12.8.8 HF1 and below |
Exploit Intelligence
- CIRCL seen: CVE-2025-40552 (circl-sighting)
- CIRCL seen: CVE-2025-40552 (circl-sighting)
- CIRCL seen: CVE-2025-40552 (circl-sighting)
- CIRCL seen: CVE-2025-40552 (circl-sighting)
- CIRCL seen: CVE-2025-40552 (circl-sighting)
- CIRCL seen: CVE-2025-40552 (circl-sighting)
- CIRCL seen: CVE-2025-40552 (circl-sighting)
- CIRCL seen: CVE-2025-40552 (circl-sighting)
- CIRCL confirmed: CVE-2025-40552 (circl-sighting)
- CIRCL seen: CVE-2025-40552 (circl-sighting)
…and 21 more exploits
Timeline
- Jan 28, 2026 CVE Published
- Jan 28, 2026 EPSS Score
- Jan 28, 2026 PoC Published
- Jan 28, 2026 PoC Published
- Jan 28, 2026 PoC Published
- Jan 28, 2026 PoC Published
- Jan 29, 2026 PoC Published
- Jan 29, 2026 PoC Published
- Jan 29, 2026 PoC Published
- Jan 29, 2026 PoC Published
- Jan 29, 2026 PoC Published
- Jan 29, 2026 PoC Published
References
- https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40536 advisory
- https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40554 advisory
- https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40551 advisory
- https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40553 advisory
- https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40552 advisory
- https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40537 advisory
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40552 vendor-advisory
- https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm url
- https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553/blob/main/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553.py exploit
- https://nvd.nist.gov/vuln/detail/CVE-2025-40552 advisory