Cyber Posture

CVE-2025-40552

Critical

Published: 28 January 2026

Modified: 26 February 2026
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0855 (92.4th percentile)
Risk Priority: 25 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

- prevent: Requires timely remediation of identified flaws, such as applying SolarWinds patches for this authentication bypass vulnerability.
- prevent: Mandates identification and authentication for non-organizational users, directly preventing remote unauthenticated attackers from bypassing controls.
- prevent: Enforces approved authorizations for access to protected resources, countering the vulnerability's ability to execute privileged actions without authentication.

Security Summary [AI-generated]

CVE-2025-40552 is an authentication bypass vulnerability in SolarWinds Web Help Desk. If exploited, it allows a malicious actor to execute actions and methods that should be protected by authentication. The issue, published on 2026-01-28, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-1390.

The vulnerability can be exploited by any remote, unauthenticated attacker over the network, with low attack complexity and no user interaction. Successful exploitation bypasses authentication controls, allowing the attacker to perform privileged operations, with high impact on the confidentiality, integrity, and availability of the affected system.

SolarWinds provides mitigation guidance in its security advisory at https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40552 and release notes for Web Help Desk 2026.1 at https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm. A proof-of-concept script demonstrating exploitation of CVE-2025-40552 (alongside CVE-2025-40553) is publicly available on GitHub at https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553/blob/main/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553.py.

Details

CWE(s): CWE-1390 (Weak Authentication)

Affected Products: SolarWinds Web Help Desk, versions ≤ 2026.1

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2025-40552 is an authentication bypass vulnerability in the public-facing SolarWinds Web Help Desk application, directly enabling exploitation of a public-facing application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References