SolarWinds has released critical security updates for its Web Help Desk (WHD) software to address several high-impact vulnerabilities, including authentication bypass and remote code execution (RCE). The most severe flaws, tracked as CVE-2025-40552 and CVE-2025-40554, allow unauthenticated remote attackers to bypass security measures in low-complexity attacks. Additionally, multiple RCE vulnerabilities (CVE-2025-40553 and CVE-2025-40551) were patched; they stem from deserialization of untrusted data and could allow unauthorized command execution on target hosts.
The update also resolves a high-severity hardcoded credentials vulnerability (CVE-2025-40537) that could grant unauthorized access to administrative functions. Since Web Help Desk is extensively used by government agencies, healthcare providers, and large enterprises, and given SolarWinds' history of targeted exploits, security professionals are strongly advised to upgrade to version 2026.1 immediately to prevent potential compromise.