CVE-2025-40554

Critical

Published: 28 January 2026

Published

28 January 2026

Modified

03 February 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0629 91.0th percentile

Risk Priority 23 60% EPSS · 20% KEV · 20% CVSS

Description

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

Explicitly identifies and limits actions performable without identification or authentication, directly preventing exploitation of this authentication bypass vulnerability allowing unauthorized invocation of specific actions.

IA-2 Identification and Authentication (Organizational Users) good match

prevent

Requires identification and authentication of organizational users before allowing access, comprehensively mitigating authentication bypass vulnerabilities like CVE-2025-40554.

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations for access to system resources, countering the unauthorized actions enabled by this authentication bypass.

Security SummaryAI

CVE-2025-40554 is an authentication bypass vulnerability in SolarWinds Web Help Desk. The issue, published on 2026-01-28, allows an attacker to invoke specific actions within the Web Help Desk application without proper authentication. It is associated with CWE-1390 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high impacts across confidentiality, integrity, and availability.

A remote attacker with network access can exploit this vulnerability with low complexity, no required privileges, and no user interaction. Exploitation enables the attacker to perform unauthorized actions within Web Help Desk, potentially leading to unauthorized access, data manipulation, or disruption of services as permitted by the bypassed authentication controls.

SolarWinds addresses the vulnerability in its security advisory at https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40554 and the Web Help Desk 2026.1 release notes at https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm, which detail patches and mitigation guidance.

Details

CWE(s): CWE-1390

Affected Products

solarwinds

web help desk

≤ 2026.1

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

CVE-2025-40554 is an authentication bypass in a public-facing SolarWinds Web Help Desk application, directly enabling exploitation of public-facing applications (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
Release Notes · psirt@solarwinds.com
https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40554
Vendor Advisory · psirt@solarwinds.com