CVE-2025-40554

CRITICAL EXPLOITED RANSOMWARE NUCLEI

SolarWinds Web Help Desk < 2026.1 - Authentication Bypass

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2025-40554 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns. EIP tracks 2 public exploits from researchers including imbas007, Skynoxk. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a Python-based proof-of-concept exploit for CVE-2025-40554, an authentication bypass vulnerability in SolarWinds Web Help Desk. The exploit demonstrates session manipulation and login bypass techniques, with options for single or bulk target testing.

Description

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

Exploits (2)

nomisec WORKING POC 1 stars
by imbas007 · client-side
https://github.com/imbas007/auth-bypass-CVE-2025-40554

This repository contains a Python-based proof-of-concept exploit for CVE-2025-40554, an authentication bypass vulnerability in SolarWinds Web Help Desk. The exploit demonstrates session manipulation and login bypass techniques, with options for single or bulk target testing.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: SolarWinds Web Help Desk
No auth needed
Prerequisites: Network access to the target SolarWinds Web Help Desk instance · Target must be unpatched and vulnerable to CVE-2025-40554
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by Skynoxk · poc
https://github.com/Skynoxk/CVE-2025-40554

This is a Python-based exploit for CVE-2025-40554, targeting SolarWinds Web Help Desk. It includes authentication bypass detection, automated login testing, and session management for further exploitation.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: SolarWinds Web Help Desk
No auth needed
Prerequisites: Network access to the target SolarWinds Web Help Desk instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

SolarWinds Web Help Desk - Authentication Bypass
CRITICALVERIFIEDby Bushi-gg
Shodan: http.favicon.hash:"1895809524"
FOFA: icon_hash="1895809524"

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0629
EPSS Percentile 91.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2026-05-01
Ransomware Use Confirmed
CWE
CWE-1390
Status published
Products (1)
solarwinds/web_help_desk < 2026.1
Published Jan 28, 2026
Tracked Since Feb 18, 2026