Vulnerability Management, Patch/Configuration Management

SolarWinds patches critical vulnerabilities in Web Help Desk software

SolarWinds company logo icon on website, Illustrative Editorial

SolarWinds has released critical security updates to address multiple vulnerabilities in its Web Help Desk software, including authentication bypass and remote command execution flaws. These vulnerabilities could allow unauthenticated attackers to gain unauthorized access and execute commands on vulnerable systems. The company has provided detailed instructions for upgrading to Web Help Desk 2026.1 to patch these security issues, as reported by Bleeping Computer.

The patches address four critical vulnerabilities: CVE-2025-40552 and CVE-2025-40554, which allow remote authentication bypass, CVE-2025-40553, a remote code execution (RCE) flaw due to untrusted data deserialization, and CVE-2025-40551, another RCE vulnerability. A high-severity hardcoded credentials vulnerability, CVE-2025-40537, was also patched. These flaws were discovered by researchers from watchTowr and Horizon3.ai. Web Help Desk is widely used by corporations, healthcare, educational institutions, and government agencies, making these vulnerabilities a significant concern.

The frequent exploitation of Web Help Desk vulnerabilities, including past RCE and hardcoded credential flaws flagged by CISA, underscores the ongoing threat to organizations relying on this software. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has previously mandated federal agencies to patch similar vulnerabilities, highlighting the potential for widespread impact and the need for prompt security updates across all sectors.

Source: Bleeping Computer

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds