SolarWinds has released critical security updates to address multiple vulnerabilities in its Web Help Desk software, including authentication bypass and remote command execution flaws. These vulnerabilities could allow unauthenticated attackers to gain unauthorized access and execute commands on vulnerable systems. The company has provided detailed instructions for upgrading to Web Help Desk 2026.1 to patch these security issues, as reported by Bleeping Computer.The patches address four critical vulnerabilities: CVE-2025-40552 and CVE-2025-40554, which allow remote authentication bypass, CVE-2025-40553, a remote code execution (RCE) flaw due to untrusted data deserialization, and CVE-2025-40551, another RCE vulnerability. A high-severity hardcoded credentials vulnerability, CVE-2025-40537, was also patched. These flaws were discovered by researchers from watchTowr and Horizon3.ai. Web Help Desk is widely used by corporations, healthcare, educational institutions, and government agencies, making these vulnerabilities a significant concern.The frequent exploitation of Web Help Desk vulnerabilities, including past RCE and hardcoded credential flaws flagged by CISA, underscores the ongoing threat to organizations relying on this software. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has previously mandated federal agencies to patch similar vulnerabilities, highlighting the potential for widespread impact and the need for prompt security updates across all sectors.Source: Bleeping Computer
Vulnerability Management, Patch/Configuration Management
SolarWinds patches critical vulnerabilities in Web Help Desk software

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



