CVE-2025-40554

CRITICAL NUCLEI

Solarwinds Web Help Desk < 2026.1 - Authentication Bypass

Title source: rule

Description

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

Exploits (2)

nomisec WORKING POC 1 stars

by imbas007 · poc

https://github.com/imbas007/auth-bypass-CVE-2025-40554

View Code ZIP pw:eip

nomisec WORKING POC

by Skynoxk · poc

https://github.com/Skynoxk/CVE-2025-40554

View Code ZIP pw:eip

Nuclei Templates (1)

SolarWinds Web Help Desk - Authentication Bypass

CRITICALVERIFIEDby Bushi-gg

Shodan: http.favicon.hash:"1895809524"

FOFA: icon_hash="1895809524"

References (2)

[Release Notes] https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm

[Vendor Advisory] https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40554

Scores

CVSS v3 9.8

EPSS 0.0777

EPSS Percentile 91.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-1390

Status published

Affected Products (1)

solarwinds/web_help_desk < 2026.1

Timeline

Published Jan 28, 2026

Tracked Since Feb 18, 2026