SOCRadar® Cyber Intelligence Inc. | SolarWinds Web Help Desk Update Addresses High-Risk RCE & Auth Bypass Bugs
Jan 30, 2026

SolarWinds Web Help Desk Update Addresses High-Risk RCE & Auth Bypass Bugs

SolarWinds has released an urgent security update for its Web Help Desk (WHD) platform after disclosing multiple vulnerabilities, several of which carry critical severity ratings.

SolarWinds Web Help Desk is widely used for IT ticketing and asset management, making these flaws relevant to organizations that rely on it for daily operations.

The issues range from authentication bypasses to Remote Code Execution (RCE), and some can be exploited without valid credentials.

What Vulnerabilities Were Identified in SolarWinds Web Help Desk?

SolarWinds disclosed six vulnerabilities affecting Web Help Desk versions 12.8.8 Hotfix 1 and earlier. Among them, four are rated critical due to their potential impact and low exploitation barriers.

The four critical vulnerabilities disclosed by SolarWinds are outlined below:

  • CVE-2025-40551 (CVSS 9.8) – A deserialization of untrusted data vulnerability that allows an unauthenticated attacker to achieve remote code execution and run arbitrary operating system commands on the server.
Details of CVE-2025-40551 (SOCRadar Vulnerability Intelligence)

  • CVE-2025-40553 (CVSS 9.8) – Another deserialization flaw that enables unauthenticated remote code execution through malicious object injection.
  • CVE-2025-40552 (CVSS 9.8) – An authentication bypass vulnerability that allows unauthenticated attackers to execute protected actions and methods, with potential paths to remote code execution.
  • CVE-2025-40554 (CVSS 9.8) – A separate authentication bypass issue that enables attackers to invoke restricted application functionality without valid credentials.

The remaining issues are rated high severity. One allows access control bypass to protected functionality (CVE-2025-40536), while another involves hard-coded credentials (CVE-2025-40537) that could expose administrative features under certain conditions.

Who Is Most at Risk From These Issues?

Any organization running a vulnerable version of SolarWinds Web Help Desk (12.8.8 Hotfix 1 and earlier) is exposed, especially if the application is reachable from untrusted networks. IT service management platforms often integrate with internal systems, databases, and credentials, which increases the potential blast radius if compromise occurs.

This risk is amplified by the fact that Web Help Desk has previously appeared on CISA’s Known Exploited Vulnerabilities list, indicating that attackers have shown sustained interest in this product category.

Is There Active Exploitation in the Wild?

At the time the advisory was published, there were no confirmed reports of active exploitation. However, this does not significantly reduce risk. Once Proof-of-Concept (PoC) details or exploit code become public, unauthenticated vulnerabilities – especially RCE – tend to attract rapid attention from attackers.

Historically, similar flaws in widely deployed enterprise software have been weaponized quickly, sometimes within days of disclosure.

How Can Security Teams Track and Prioritize Exposure?

Keeping pace with critical vulnerabilities like those affecting SolarWinds Web Help Desk requires more than reactive patching. Security teams need visibility into which assets are exposed, how severe each vulnerability is, and whether attackers are actively exploiting similar flaws in the wild.

This is where platforms like SOCRadar can support vulnerability management efforts. Through its Cyber Threat Intelligence and Attack Surface Management capabilities, SOCRadar helps organizations identify exposed services, monitor newly disclosed CVEs, and understand which vulnerabilities pose the most immediate risk based on real-world threat activity.

Track the latest CVEs and exploitation activity with SOCRadar’s Vulnerability Intelligence

By correlating vulnerability data with external exposure and threat intelligence, teams can prioritize remediation efforts more effectively and reduce the time attackers have to exploit critical weaknesses.

What Steps Should Organizations Take to Reduce Risk?

SolarWinds has addressed all six vulnerabilities in Web Help Desk version 2026.1, and applying this update is the most effective mitigation.

In addition to updating:

  • Review network exposure of Web Help Desk instances.
  • Monitor logs for unusual authentication or application behavior.
  • Reassess access controls and segmentation around IT management systems.

Prompt remediation reduces the window of opportunity for attackers and helps limit downstream impact if exploit attempts emerge.
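
One way to turn the version guidance and the exposure review above into a patch-priority list is the added example below, which is not SolarWinds or SOCRadar code. The inventory fields, host names, and accepted version-string spellings are assumptions; the affected and fixed versions are the ones stated in this article.

```python
import re

# From the article: 12.8.8 Hotfix 1 and earlier are affected, 2026.1 is fixed.
# The accepted version-string spellings ("Hotfix 1", "HF1") are assumptions.
LAST_AFFECTED = ((12, 8, 8), 1)
FIRST_FIXED = ((2026, 1), 0)
VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)\s*(?:(?:hotfix|hf)\s*(\d+))?\s*$", re.I)

# Constructed sample inventory; host names and fields are hypothetical.
SAMPLE_INVENTORY = [
    {"name": "whd-dmz-01", "version": "12.8.8 Hotfix 1", "untrusted_reachable": True},
    {"name": "whd-int-02", "version": "12.8.3", "untrusted_reachable": False},
    {"name": "whd-int-03", "version": "2026.1", "untrusted_reachable": False},
    {"name": "whd-lab-04", "version": "12.8.8 HF2", "untrusted_reachable": True},
    {"name": "whd-old-05", "version": "n/a", "untrusted_reachable": False},
]

def parse_version(text):
    """Return ((major, minor, ...), hotfix), or None if the string is unparseable."""
    m = VERSION_RE.match(text or "")
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    while len(parts) > 1 and parts[-1] == 0:  # treat 12.8.8.0 like 12.8.8
        parts = parts[:-1]
    return parts, int(m.group(2) or 0)

def classify(version_text):
    v = parse_version(version_text)
    if v is None:
        return "unknown"      # cannot prove it is patched, so keep it in scope
    if v <= LAST_AFFECTED:
        return "vulnerable"
    if v >= FIRST_FIXED:
        return "patched"
    return "verify"           # between the two versions the article names

def triage(inventory):
    """List unpatched hosts as (name, status, exposed), most urgent first."""
    rank = {"vulnerable": 0, "unknown": 1, "verify": 2}
    rows = []
    for host in inventory:
        status = classify(host["version"])
        if status != "patched":
            exposed = host["untrusted_reachable"]
            rows.append((rank[status], not exposed, host["name"], status, exposed))
    return [(name, status, exposed) for _, _, name, status, exposed in sorted(rows)]

if __name__ == "__main__":
    for name, status, exposed in triage(SAMPLE_INVENTORY):
        print(f"{name:12} {status:10} untrusted-reachable={exposed}")
```

Hosts reported as `verify` or `unknown` stay on the list because the article only establishes the status of 12.8.8 Hotfix 1 and earlier and of 2026.1.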