Cybersecurity Blog | RedLegg

Security Bulletin: Authentication Bypass in SolarWinds Web Help Desk

Written by RedLegg's Cyber Threat Intelligence Team | 1/28/26 10:44 PM

About:

CVE-2025-40552 is a critical authentication bypass vulnerability in SolarWinds Web Help Desk caused by improper enforcement of access controls on certain application methods. A remote attacker may be able to bypass normal authentication requirements and interact with protected functionality without valid credentials. Successful exploitation could expose sensitive ticketing data, user information, and potentially administrative capabilities within the help desk platform.

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.

VULNERABILITIES

Authentication Bypass in SolarWinds Web Help Desk

CVSS Score: 9.8 (Critical, CVSS v3.1)

Identifier: CVE-2025-40552

Exploit or Proof of Concept (PoC): 
No public reports of exploitation at the time of reporting.

Update/ Patch:

SolarWinds addressed CVE-2025-40552 in Web Help Desk version 2026.1. All deployments should be upgraded to this version or later and any subsequent hotfixes should be applied.
 
Official release notes and fix information:
 
Description: 
SolarWinds Web Help Desk vulnerability (CVE-2025-40552) allows authentication bypass via improper access controls. CVSS 9.8. Upgrade to WHD 2026.1 or later immediately.

 

Mitigation Recommendation:

Immediately upgrade SolarWinds Web Help Desk to version 2026.1 or later and apply all subsequent security hotfixes.
 
Restrict network access to the WHD web interface so it is not directly reachable from the internet. Limit access to trusted internal networks or VPN/ZTNA.
 
Enforce strong authentication and MFA for administrative and privileged WHD accounts.
 

 
View full post