You are currently viewing SolarWinds Implements Security Updates to Address Critical Web Help Desk Vulnerabilities

SolarWinds Implements Security Updates to Address Critical Web Help Desk Vulnerabilities

  • Post author:
  • Reading time:3 mins read

SolarWinds has released important security updates to address several critical vulnerabilities impacting its Web Help Desk (WHD) product. These issues include remote code execution (RCE) and authentication bypass flaws that put organizations at significant risk. Given WHD’s extensive use across enterprise, healthcare, education, and government sectors — and SolarWinds’ claim of over 300,000 global customers — applying patches promptly is crucial.

Vulnerability Details

SolarWinds’ security patches remediate multiple high-severity weaknesses, including:

CVE-2025-40552

  1. Vulnerability: Authentication Bypass
  2. CVSS Score: Critical
  3. EPSS Score: 0.05%
  4. Affected Products: SolarWinds Web Help Desk (versions before 2026.1)

CVE-2025-40554

  1. Vulnerability: Authentication Bypass
  2. CVSS Score: Critical
  3. EPSS Score: 0.03%
  4. Affected Products: SolarWinds Web Help Desk (versions before 2026.1)

CVE-2025-40553

  1. Vulnerability: Remote Code Execution
  2. CVSS Score: likely Critical
  3. EPSS Score: 0.65%
  4. Affected Products: SolarWinds Web Help Desk (versions before 2026.1)

CVE-2025-40551

  1. Vulnerability: Remote Code Execution
  2. CVSS Score: Critical
  3. EPSS Score: 0.87%
  4. Affected Products: SolarWinds Web Help Desk (versions before 2026.1)

CVE-2025-40537

  1. Affected Products: SolarWinds Web Help Desk (versions before 2026.1)
  2. Vulnerability: Privilege Escalation
  3. CVSS Score: High
  4. EPSS Score: 0.02%

CVE-2025-40536

  1. Affected Products: SolarWinds Web Help Desk (versions before 2026.1)
  2. Vulnerability: Authentication Bypass
  3. CVSS Score: High
  4. EPSS Score: 0.24%

Tactics, Techniques, and Procedures (TTPs)

The SolarWinds Web Help Desk vulnerabilities align with several MITRE ATT&CK tactics and techniques:

  • TA0002 – Execution: Attackers can leverage the RCE flaws to run malicious code directly on the server.
  • TA0004 – Privilege Escalation: Both the RCE and hardcoded credentials vulnerabilities enable attackers to gain elevated privileges.
  • TA0001 – Initial Access: Exploitation occurs through:
  • T1190 – Exploit Public-Facing Application
  • T1203 – Exploitation for Client Execution (for RCE flaws)
  • T1068 – Exploitation for Privilege Escalation (for RCE & hardcoded credentials)

Remediation Steps

SolarWinds recommends immediately upgrading to:

  • Web Help Desk version 2026.1: This update includes patches for all identified vulnerabilities. Administrators should follow SolarWinds’ official upgrade instructions to secure their deployments.

Past Exploitation

SolarWinds Web Help Desk has been targeted by attackers in previous years:

  • September 2025 – Patch Bypass (CVE-2025-26399): A bypass of a previously patched RCE flaw was reported and flagged by CISA as actively exploited, added to the Known Exploited Vulnerabilities (KEV) catalog, and mandated for patching by federal agencies.
  • October 2024 – Hardcoded Credentials Actively Exploited: CISA added another critical WHD hardcoded credentials flaw to the KEV list, urging government entities to patch immediately.

Instantly Fix Risks with Saner Patch Management

Saner patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here.