SolarWinds has issued critical security updates for its Web Help Desk (WHD) software to address six vulnerabilities, four of them rated critical. Two of the flaws, CVE-2025-40551 and CVE-2025-40553, involve deserialization of untrusted data and could allow unauthenticated attackers to execute code remotely on the host machine. Other critical issues include authentication bypasses that grant unauthorized access to administrative functions using hard-coded credentials.
The vulnerabilities were discovered by researchers from Horizon3.ai and watchTowr. Security experts have highlighted the significant impact of these flaws, noting that RCE via deserialization is a highly reliable attack vector. Given that previous SolarWinds vulnerabilities have been actively exploited by threat actors and added to CISA's KEV catalog, organizations are strongly advised to upgrade to WHD version 2026.1 immediately to mitigate risk.