CVE-2025-40537

HIGH

Solarwinds Web Help Desk < 2026.1 - Hard-coded Credentials

Title source: rule

Description

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.

References (2)

[Vendor Advisory] https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40537

[Release Notes] https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm

Scores

CVSS v3 7.5

EPSS 0.0001

EPSS Percentile 2.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-798

Status published

Products (1)

solarwinds/web_help_desk < 2026.1

Published Jan 28, 2026

Tracked Since Feb 18, 2026