Search criteria
60 vulnerabilities found for web_help_desk by solarwinds
CVE-2025-40552 (GCVE-0-2025-40552)
Vulnerability from nvd – Published: 2026-01-28 07:34 – Updated: 2026-02-27 04:55
VLAI?
Title
SolarWinds Web Help Desk Authentication Bypass Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
Severity ?
9.8 (Critical)
CWE
- CWE-1390 - Weak Authentication
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.8 HF1 and below
|
Credits
Piotr Bazydlo working with watchTowr
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40552",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T04:55:45.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553/blob/main/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553.py"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.8 HF1 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Piotr Bazydlo working with watchTowr"
}
],
"datePublic": "2026-01-28T07:34:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication."
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1390",
"description": "CWE-1390 Weak Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T07:34:37.773Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40552"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Authentication Bypass Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-40552",
"datePublished": "2026-01-28T07:34:37.773Z",
"dateReserved": "2025-04-16T08:01:25.943Z",
"dateUpdated": "2026-02-27T04:55:45.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40553 (GCVE-0-2025-40553)
Vulnerability from nvd – Published: 2026-01-28 07:35 – Updated: 2026-02-27 04:55
VLAI?
Title
SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.8 HF1 and below
|
Credits
Piotr Bazydlo working with watchTowr
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40553",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T04:55:46.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553/blob/main/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553.py"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.8 HF1 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Piotr Bazydlo working with watchTowr"
}
],
"datePublic": "2026-01-28T07:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication."
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T07:35:41.825Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40553"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-40553",
"datePublished": "2026-01-28T07:35:41.825Z",
"dateReserved": "2025-04-16T08:01:25.943Z",
"dateUpdated": "2026-02-27T04:55:46.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40554 (GCVE-0-2025-40554)
Vulnerability from nvd – Published: 2026-01-28 07:36 – Updated: 2026-02-26 15:04
VLAI?
Title
SolarWinds Web Help Desk Authentication Bypass Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
Severity ?
9.8 (Critical)
CWE
- CWE-1390 - Weak Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.8 HF1 and below
|
Credits
Piotr Bazydlo working with watchTowr
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T04:55:44.011311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:48.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.8 HF1 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Piotr Bazydlo working with watchTowr"
}
],
"datePublic": "2026-01-28T07:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.\u003cbr\u003e"
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1390",
"description": "CWE-1390 Weak Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T07:36:50.177Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40554"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends users upgrade to Web Help Desk version 2026.1."
}
],
"value": "SolarWinds recommends users upgrade to Web Help Desk version 2026.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Authentication Bypass Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-40554",
"datePublished": "2026-01-28T07:36:50.177Z",
"dateReserved": "2025-04-16T08:01:25.943Z",
"dateUpdated": "2026-02-26T15:04:48.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40551 (GCVE-0-2025-40551)
Vulnerability from nvd – Published: 2026-01-28 07:33 – Updated: 2026-02-26 15:04
VLAI?
Title
SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.8 HF1 and below
|
Credits
Jimi Sebree working with Horizon3.ai
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40551",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T04:55:44.585122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-02-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40551"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:49.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40551"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.8 HF1 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jimi Sebree working with Horizon3.ai"
}
],
"datePublic": "2026-01-28T07:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication."
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T07:33:09.603Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40551"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-40551",
"datePublished": "2026-01-28T07:33:09.603Z",
"dateReserved": "2025-04-16T08:01:25.942Z",
"dateUpdated": "2026-02-26T15:04:49.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40537 (GCVE-0-2025-40537)
Vulnerability from nvd – Published: 2026-01-28 07:31 – Updated: 2026-02-26 15:04
VLAI?
Title
SolarWinds Web Help Desk Hardcoded Credentials Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.
Severity ?
7.5 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.8 HF1 and below
|
Credits
Jimi Sebree working with Horizon3.ai
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:33.662870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:49.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.8 HF1 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jimi Sebree working with Horizon3.ai"
}
],
"datePublic": "2026-01-28T07:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions."
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions."
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T07:31:41.994Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40537"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1, and to follow the steps in the guide to unlink the demo client from the admin user. The guide can be found in the release notes and the Web Help Desk Secure Configuration guide, which can be found here:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://documentation.solarwinds.com/en/success_center/whd/content/helpdesksecureconfiguration.htm\"\u003ehttps://documentation.solarwinds.com/en/success_center/whd/content/helpdesksecureconfiguration.htm\u003c/a\u003e.\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1, and to follow the steps in the guide to unlink the demo client from the admin user. The guide can be found in the release notes and the Web Help Desk Secure Configuration guide, which can be found here:\u00a0 https://documentation.solarwinds.com/en/success_center/whd/content/helpdesksecureconfiguration.htm https://documentation.solarwinds.com/en/success_center/whd/content/helpdesksecureconfiguration.htm ."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Hardcoded Credentials Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-40537",
"datePublished": "2026-01-28T07:31:41.994Z",
"dateReserved": "2025-04-16T08:00:57.647Z",
"dateUpdated": "2026-02-26T15:04:49.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40536 (GCVE-0-2025-40536)
Vulnerability from nvd – Published: 2026-01-28 07:30 – Updated: 2026-02-26 15:04
VLAI?
Title
SolarWinds Web Help Desk Security Control Bypass Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
Severity ?
8.1 (High)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.8 HF1 and below
|
Credits
Jimi Sebree working with Horizon3.ai
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40536",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T04:56:26.454872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-02-12",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40536"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:49.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40536"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-12T00:00:00.000Z",
"value": "CVE-2025-40536 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.8 HF1 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jimi Sebree working with Horizon3.ai"
}
],
"datePublic": "2026-01-28T07:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality."
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T07:30:09.503Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Security Control Bypass Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-40536",
"datePublished": "2026-01-28T07:30:09.503Z",
"dateReserved": "2025-04-16T08:00:57.647Z",
"dateUpdated": "2026-02-26T15:04:49.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26399 (GCVE-0-2025-26399)
Vulnerability from nvd – Published: 2025-09-23 05:07 – Updated: 2026-03-09 22:20
VLAI?
Title
SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.7 and below
|
Credits
Anonymous working with Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26399",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T18:21:13.412619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-03-09",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26399"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T22:20:24.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-solarwinds-web-help-desk/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26399"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-09T00:00:00.000Z",
"value": "CVE-2025-26399 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.7 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Anonymous working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986."
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248: Untrusted Execution Flow"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T05:07:14.702Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers to upgrade to Web Help Desk version 12.8.7 HF1 as soon as is practical."
}
],
"value": "SolarWinds recommends customers to upgrade to Web Help Desk version 12.8.7 HF1 as soon as is practical."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-26399",
"datePublished": "2025-09-23T05:07:14.702Z",
"dateReserved": "2025-02-08T00:19:09.395Z",
"dateUpdated": "2026-03-09T22:20:24.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-28988 (GCVE-0-2024-28988)
Vulnerability from nvd – Published: 2025-09-01 21:18 – Updated: 2026-02-26 17:49
VLAI?
Title
SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.
We recommend all Web Help Desk customers apply the patch, which is now available.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.3 HF 2 and previous versions
|
Credits
Guy Lederfein of Trend Micro
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T03:55:25.330470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:49:55.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.3 HF 2 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Guy Lederfein of Trend Micro"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eSolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eWe recommend all Web Help Desk customers apply the patch, which is now available.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. \u0026nbsp; \u003c/p\u003e\u003c/div\u003e"
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.\u00a0\n\n\n\n\n\nWe recommend all Web Help Desk customers apply the patch, which is now available.\u00a0\n\n\n\n\n\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T21:18:58.626Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-3"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28988"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 3"
}
],
"value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28988",
"datePublished": "2025-09-01T21:18:58.626Z",
"dateReserved": "2024-03-13T20:27:09.782Z",
"dateUpdated": "2026-02-26T17:49:55.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26400 (GCVE-0-2025-26400)
Vulnerability from nvd – Published: 2025-07-29 08:07 – Updated: 2025-07-29 13:47
VLAI?
Title
SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability
Summary
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.
Severity ?
5.3 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.6 and previous versions
|
Credits
DieuLink, Nhiephon, and chung96vn from GCSC Vietnam
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T13:47:11.601984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T13:47:18.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.6 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DieuLink, Nhiephon, and chung96vn from GCSC Vietnam"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files."
}
],
"value": "SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files."
}
],
"impacts": [
{
"capecId": "CAPEC-201",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-201 XML Entity Linking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T08:07:38.230Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26400"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 12.8.7 as soon as is practical.\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 12.8.7 as soon as is practical."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-26400",
"datePublished": "2025-07-29T08:07:38.230Z",
"dateReserved": "2025-02-08T00:19:09.395Z",
"dateUpdated": "2025-07-29T13:47:18.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28989 (GCVE-0-2024-28989)
Vulnerability from nvd – Published: 2025-02-11 07:13 – Updated: 2025-02-11 15:27
VLAI?
Title
SolarWinds Web Help Desk Cryptographic Key Management Vulnerability
Summary
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
Severity ?
5.5 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.4 and previous versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:26:54.819240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:27:11.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.4 and previous versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software."
}
],
"value": "SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191: Read Sensitive Constants Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T07:13:05.768Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28989"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-5_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to SolarWinds\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWeb Help Desk version 12.8.5.\u003c/span\u003e\n\n as soon as it becomes available.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to SolarWinds\u00a0\n\nWeb Help Desk version 12.8.5.\n\n as soon as it becomes available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Cryptographic Key Management Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28989",
"datePublished": "2025-02-11T07:13:05.768Z",
"dateReserved": "2024-03-13T20:27:09.782Z",
"dateUpdated": "2025-02-11T15:27:11.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2025-40551
Vulnerability from fkie_nvd - Published: 2026-01-28 08:16 - Updated: 2026-02-04 02:00
Severity ?
Summary
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * |
{
"cisaActionDue": "2026-02-06",
"cisaExploitAdd": "2026-02-03",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CADB33-214C-441A-BB62-64811EBBEB29",
"versionEndExcluding": "2026.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication."
}
],
"id": "CVE-2025-40551",
"lastModified": "2026-02-04T02:00:02.030",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
},
"published": "2026-01-28T08:16:02.273",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40551"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40551"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-40554
Vulnerability from fkie_nvd - Published: 2026-01-28 08:16 - Updated: 2026-02-03 21:08
Severity ?
Summary
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CADB33-214C-441A-BB62-64811EBBEB29",
"versionEndExcluding": "2026.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk."
}
],
"id": "CVE-2025-40554",
"lastModified": "2026-02-03T21:08:32.487",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
},
"published": "2026-01-28T08:16:02.737",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40554"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1390"
}
],
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-40552
Vulnerability from fkie_nvd - Published: 2026-01-28 08:16 - Updated: 2026-02-26 19:30
Severity ?
Summary
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CADB33-214C-441A-BB62-64811EBBEB29",
"versionEndExcluding": "2026.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication."
}
],
"id": "CVE-2025-40552",
"lastModified": "2026-02-26T19:30:48.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
},
"published": "2026-01-28T08:16:02.430",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40552"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553/blob/main/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553.py"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1390"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-40537
Vulnerability from fkie_nvd - Published: 2026-01-28 08:16 - Updated: 2026-02-03 21:14
Severity ?
Summary
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CADB33-214C-441A-BB62-64811EBBEB29",
"versionEndExcluding": "2026.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions."
}
],
"id": "CVE-2025-40537",
"lastModified": "2026-02-03T21:14:21.527",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
},
"published": "2026-01-28T08:16:02.110",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40537"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-40553
Vulnerability from fkie_nvd - Published: 2026-01-28 08:16 - Updated: 2026-02-26 19:30
Severity ?
Summary
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CADB33-214C-441A-BB62-64811EBBEB29",
"versionEndExcluding": "2026.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication."
}
],
"id": "CVE-2025-40553",
"lastModified": "2026-02-26T19:30:48.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
},
"published": "2026-01-28T08:16:02.583",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40553"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553/blob/main/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553.py"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-40536
Vulnerability from fkie_nvd - Published: 2026-01-28 08:16 - Updated: 2026-02-13 14:03
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * |
{
"cisaActionDue": "2026-02-15",
"cisaExploitAdd": "2026-02-12",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "SolarWinds Web Help Desk Security Control Bypass Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CADB33-214C-441A-BB62-64811EBBEB29",
"versionEndExcluding": "2026.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality."
}
],
"id": "CVE-2025-40536",
"lastModified": "2026-02-13T14:03:55.790",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-01-28T08:16:01.893",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40536"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Third Party Advisory"
],
"url": "https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-26399
Vulnerability from fkie_nvd - Published: 2025-09-23 05:15 - Updated: 2025-11-14 23:41
Severity ?
Summary
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * | |
| solarwinds | web_help_desk | 12.8.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46BAB832-25B8-4ED6-B209-759F4B470CCE",
"versionEndIncluding": "12.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.7:-:*:*:*:*:*:*",
"matchCriteriaId": "B88A115F-EDE4-447D-A35B-902A4074824A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986."
}
],
"id": "CVE-2025-26399",
"lastModified": "2025-11-14T23:41:16.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
},
"published": "2025-09-23T05:15:35.777",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-28988
Vulnerability from fkie_nvd - Published: 2025-09-01 22:15 - Updated: 2025-11-14 23:32
Severity ?
Summary
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.
We recommend all Web Help Desk customers apply the patch, which is now available.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * | |
| solarwinds | web_help_desk | 12.8.3 | |
| solarwinds | web_help_desk | 12.8.3 | |
| solarwinds | web_help_desk | 12.8.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5426A720-F345-4C8E-B5B5-76639D447A6D",
"versionEndIncluding": "12.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:-:*:*:*:*:*:*",
"matchCriteriaId": "331BF887-F099-419E-9664-EE2EC76E2E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:hotfix1:*:*:*:*:*:*",
"matchCriteriaId": "7FCFD6C1-EF56-47F4-AFE5-AD8E54232FF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "DB6BE43D-5CCE-48BE-8A0A-378BBC265648",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.\u00a0\n\n\n\n\n\nWe recommend all Web Help Desk customers apply the patch, which is now available.\u00a0\n\n\n\n\n\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities."
}
],
"id": "CVE-2024-28988",
"lastModified": "2025-11-14T23:32:43.077",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
},
"published": "2025-09-01T22:15:30.070",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Broken Link"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-3"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28988"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-26400
Vulnerability from fkie_nvd - Published: 2025-07-29 08:15 - Updated: 2025-11-17 16:11
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@solarwinds.com | https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7_release_notes.htm | Release Notes, Vendor Advisory | |
| psirt@solarwinds.com | https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26400 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE441DEF-EFE1-47A6-A542-40B493D72AEF",
"versionEndExcluding": "12.8.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files."
},
{
"lang": "es",
"value": "Se inform\u00f3 que SolarWinds Web Help Desk se vio afectado por una vulnerabilidad de inyecci\u00f3n de entidades externas XML (XXE) que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n. Se requiere un acceso v\u00e1lido con privilegios bajos, a menos que el atacante tuviera acceso al servidor local para modificar los archivos de configuraci\u00f3n."
}
],
"id": "CVE-2025-26400",
"lastModified": "2025-11-17T16:11:59.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-29T08:15:26.053",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26400"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-28989
Vulnerability from fkie_nvd - Published: 2025-02-11 08:15 - Updated: 2025-02-25 17:36
Severity ?
Summary
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06E1FD47-7177-4F14-90BB-0A42EBC514E0",
"versionEndExcluding": "12.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que SolarWinds Web Help Desk ten\u00eda una clave criptogr\u00e1fica codificada que podr\u00eda permitir la divulgaci\u00f3n de informaci\u00f3n confidencial del software."
}
],
"id": "CVE-2024-28989",
"lastModified": "2025-02-25T17:36:29.507",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
},
"published": "2025-02-11T08:15:30.787",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-5_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28989"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-321"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-40554 (GCVE-0-2025-40554)
Vulnerability from cvelistv5 – Published: 2026-01-28 07:36 – Updated: 2026-02-26 15:04
VLAI?
Title
SolarWinds Web Help Desk Authentication Bypass Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
Severity ?
9.8 (Critical)
CWE
- CWE-1390 - Weak Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.8 HF1 and below
|
Credits
Piotr Bazydlo working with watchTowr
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T04:55:44.011311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:48.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.8 HF1 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Piotr Bazydlo working with watchTowr"
}
],
"datePublic": "2026-01-28T07:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.\u003cbr\u003e"
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1390",
"description": "CWE-1390 Weak Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T07:36:50.177Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40554"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends users upgrade to Web Help Desk version 2026.1."
}
],
"value": "SolarWinds recommends users upgrade to Web Help Desk version 2026.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Authentication Bypass Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-40554",
"datePublished": "2026-01-28T07:36:50.177Z",
"dateReserved": "2025-04-16T08:01:25.943Z",
"dateUpdated": "2026-02-26T15:04:48.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40553 (GCVE-0-2025-40553)
Vulnerability from cvelistv5 – Published: 2026-01-28 07:35 – Updated: 2026-02-27 04:55
VLAI?
Title
SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.8 HF1 and below
|
Credits
Piotr Bazydlo working with watchTowr
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40553",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T04:55:46.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553/blob/main/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553.py"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.8 HF1 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Piotr Bazydlo working with watchTowr"
}
],
"datePublic": "2026-01-28T07:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication."
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T07:35:41.825Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40553"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-40553",
"datePublished": "2026-01-28T07:35:41.825Z",
"dateReserved": "2025-04-16T08:01:25.943Z",
"dateUpdated": "2026-02-27T04:55:46.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40552 (GCVE-0-2025-40552)
Vulnerability from cvelistv5 – Published: 2026-01-28 07:34 – Updated: 2026-02-27 04:55
VLAI?
Title
SolarWinds Web Help Desk Authentication Bypass Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
Severity ?
9.8 (Critical)
CWE
- CWE-1390 - Weak Authentication
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.8 HF1 and below
|
Credits
Piotr Bazydlo working with watchTowr
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40552",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T04:55:45.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553/blob/main/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553.py"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.8 HF1 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Piotr Bazydlo working with watchTowr"
}
],
"datePublic": "2026-01-28T07:34:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication."
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1390",
"description": "CWE-1390 Weak Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T07:34:37.773Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40552"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Authentication Bypass Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-40552",
"datePublished": "2026-01-28T07:34:37.773Z",
"dateReserved": "2025-04-16T08:01:25.943Z",
"dateUpdated": "2026-02-27T04:55:45.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40551 (GCVE-0-2025-40551)
Vulnerability from cvelistv5 – Published: 2026-01-28 07:33 – Updated: 2026-02-26 15:04
VLAI?
Title
SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.8 HF1 and below
|
Credits
Jimi Sebree working with Horizon3.ai
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40551",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T04:55:44.585122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-02-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40551"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:49.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40551"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.8 HF1 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jimi Sebree working with Horizon3.ai"
}
],
"datePublic": "2026-01-28T07:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication."
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T07:33:09.603Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40551"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-40551",
"datePublished": "2026-01-28T07:33:09.603Z",
"dateReserved": "2025-04-16T08:01:25.942Z",
"dateUpdated": "2026-02-26T15:04:49.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40537 (GCVE-0-2025-40537)
Vulnerability from cvelistv5 – Published: 2026-01-28 07:31 – Updated: 2026-02-26 15:04
VLAI?
Title
SolarWinds Web Help Desk Hardcoded Credentials Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.
Severity ?
7.5 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.8 HF1 and below
|
Credits
Jimi Sebree working with Horizon3.ai
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:33.662870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:49.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.8 HF1 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jimi Sebree working with Horizon3.ai"
}
],
"datePublic": "2026-01-28T07:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions."
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions."
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T07:31:41.994Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40537"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1, and to follow the steps in the guide to unlink the demo client from the admin user. The guide can be found in the release notes and the Web Help Desk Secure Configuration guide, which can be found here:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://documentation.solarwinds.com/en/success_center/whd/content/helpdesksecureconfiguration.htm\"\u003ehttps://documentation.solarwinds.com/en/success_center/whd/content/helpdesksecureconfiguration.htm\u003c/a\u003e.\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1, and to follow the steps in the guide to unlink the demo client from the admin user. The guide can be found in the release notes and the Web Help Desk Secure Configuration guide, which can be found here:\u00a0 https://documentation.solarwinds.com/en/success_center/whd/content/helpdesksecureconfiguration.htm https://documentation.solarwinds.com/en/success_center/whd/content/helpdesksecureconfiguration.htm ."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Hardcoded Credentials Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-40537",
"datePublished": "2026-01-28T07:31:41.994Z",
"dateReserved": "2025-04-16T08:00:57.647Z",
"dateUpdated": "2026-02-26T15:04:49.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40536 (GCVE-0-2025-40536)
Vulnerability from cvelistv5 – Published: 2026-01-28 07:30 – Updated: 2026-02-26 15:04
VLAI?
Title
SolarWinds Web Help Desk Security Control Bypass Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
Severity ?
8.1 (High)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.8 HF1 and below
|
Credits
Jimi Sebree working with Horizon3.ai
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40536",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T04:56:26.454872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-02-12",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40536"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:49.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40536"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-12T00:00:00.000Z",
"value": "CVE-2025-40536 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.8 HF1 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jimi Sebree working with Horizon3.ai"
}
],
"datePublic": "2026-01-28T07:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality."
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T07:30:09.503Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 2026.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Security Control Bypass Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-40536",
"datePublished": "2026-01-28T07:30:09.503Z",
"dateReserved": "2025-04-16T08:00:57.647Z",
"dateUpdated": "2026-02-26T15:04:49.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26399 (GCVE-0-2025-26399)
Vulnerability from cvelistv5 – Published: 2025-09-23 05:07 – Updated: 2026-03-09 22:20
VLAI?
Title
SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.7 and below
|
Credits
Anonymous working with Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26399",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T18:21:13.412619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-03-09",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26399"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T22:20:24.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-solarwinds-web-help-desk/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26399"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-09T00:00:00.000Z",
"value": "CVE-2025-26399 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.7 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Anonymous working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986."
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248: Untrusted Execution Flow"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T05:07:14.702Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers to upgrade to Web Help Desk version 12.8.7 HF1 as soon as is practical."
}
],
"value": "SolarWinds recommends customers to upgrade to Web Help Desk version 12.8.7 HF1 as soon as is practical."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-26399",
"datePublished": "2025-09-23T05:07:14.702Z",
"dateReserved": "2025-02-08T00:19:09.395Z",
"dateUpdated": "2026-03-09T22:20:24.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-28988 (GCVE-0-2024-28988)
Vulnerability from cvelistv5 – Published: 2025-09-01 21:18 – Updated: 2026-02-26 17:49
VLAI?
Title
SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability
Summary
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.
We recommend all Web Help Desk customers apply the patch, which is now available.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.3 HF 2 and previous versions
|
Credits
Guy Lederfein of Trend Micro
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T03:55:25.330470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:49:55.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.3 HF 2 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Guy Lederfein of Trend Micro"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eSolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eWe recommend all Web Help Desk customers apply the patch, which is now available.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. \u0026nbsp; \u003c/p\u003e\u003c/div\u003e"
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.\u00a0\n\n\n\n\n\nWe recommend all Web Help Desk customers apply the patch, which is now available.\u00a0\n\n\n\n\n\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T21:18:58.626Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-3"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28988"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 3"
}
],
"value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28988",
"datePublished": "2025-09-01T21:18:58.626Z",
"dateReserved": "2024-03-13T20:27:09.782Z",
"dateUpdated": "2026-02-26T17:49:55.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26400 (GCVE-0-2025-26400)
Vulnerability from cvelistv5 – Published: 2025-07-29 08:07 – Updated: 2025-07-29 13:47
VLAI?
Title
SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability
Summary
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.
Severity ?
5.3 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.6 and previous versions
|
Credits
DieuLink, Nhiephon, and chung96vn from GCSC Vietnam
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T13:47:11.601984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T13:47:18.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.6 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DieuLink, Nhiephon, and chung96vn from GCSC Vietnam"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files."
}
],
"value": "SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files."
}
],
"impacts": [
{
"capecId": "CAPEC-201",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-201 XML Entity Linking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T08:07:38.230Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26400"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 12.8.7 as soon as is practical.\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 12.8.7 as soon as is practical."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-26400",
"datePublished": "2025-07-29T08:07:38.230Z",
"dateReserved": "2025-02-08T00:19:09.395Z",
"dateUpdated": "2025-07-29T13:47:18.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28989 (GCVE-0-2024-28989)
Vulnerability from cvelistv5 – Published: 2025-02-11 07:13 – Updated: 2025-02-11 15:27
VLAI?
Title
SolarWinds Web Help Desk Cryptographic Key Management Vulnerability
Summary
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
Severity ?
5.5 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.8.4 and previous versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:26:54.819240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:27:11.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.4 and previous versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software."
}
],
"value": "SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191: Read Sensitive Constants Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T07:13:05.768Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28989"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-5_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to SolarWinds\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWeb Help Desk version 12.8.5.\u003c/span\u003e\n\n as soon as it becomes available.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to SolarWinds\u00a0\n\nWeb Help Desk version 12.8.5.\n\n as soon as it becomes available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Cryptographic Key Management Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28989",
"datePublished": "2025-02-11T07:13:05.768Z",
"dateReserved": "2024-03-13T20:27:09.782Z",
"dateUpdated": "2025-02-11T15:27:11.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}