**SolarWinds Addresses Four Critical Web Help Desk Flaws**
In a recent development, SolarWinds has addressed four critical Web Help Desk flaws that could have left vulnerable systems exposed to severe risks. The company released security updates to patch six Web Help Desk vulnerabilities, including the four critical bugs that allow unauthenticated remote code execution or authentication bypass.
The three critical flaws identified by watchTowr, specifically by researcher Piotr Bazydlo, affect SolarWinds Web Help Desk and can be exploited without authentication. This highlights the importance of prompt patching to prevent potential attacks.
### **CVE-2025-40552: Authentication Bypass Vulnerability**
The first issue, tracked as CVE-2025-40552, is an authentication bypass vulnerability that allows a remote attacker to circumvent access controls and execute actions and methods that should only be available to authenticated users. Exploitation of this flaw could give an attacker broad control over the application.
### **CVE-2025-40553: Deserialization of Untrusted Data**
The second vulnerability, CVE-2025-40553, is caused by the deserialization of untrusted data and can be exploited to achieve remote code execution. Because authentication is not required, an attacker could run arbitrary commands on the underlying host system, potentially leading to a full system compromise.
### **CVE-2025-40554: Another Authentication Bypass Vulnerability**
The third flaw, CVE-2025-40554, is another authentication bypass vulnerability that enables an attacker to invoke specific internal actions within Web Help Desk without proper authorization. While more targeted in scope, successful exploitation could still allow unauthorized access to sensitive functionality and be used as a stepping stone for further attacks.
### **CVE-2025-40551: Critical Flaw with Remote Code Execution**
The fourth critical flaw, tracked as CVE-2025-40551, was found by Jimi Sebree of Horizon3.ai and affects SolarWinds Web Help Desk through the deserialization of untrusted data. This vulnerability allows an unauthenticated attacker to achieve remote code execution, enabling the execution of arbitrary commands on the underlying host system and potentially leading to a complete compromise of the affected server.
### **Recommendation from Horizon3**
"We discovered a handful of security issues in Solarwinds Web Help Desk. These issues include... These vulnerabilities are easily exploitable and enable unauthenticated attackers to achieve remote code execution on vulnerable Solarwinds Web Help Desk instances." reads the advisory published by Horizon3. "Solarwinds has stated that these issues are patched in Web Help Desk version 2026.1, and we encourage all users to upgrade as soon as possible."
### **CVSS Scores**
All the critical flaws have a CVSS score of 9.8.
### **Additional High-Severity Vulnerabilities**
Horizon3.ai also identified two high-severity vulnerabilities: CVE-2025-40536, which is a security control bypass vulnerability that could allow an unauthenticated attacker to access certain restricted functionality within Web Help Desk; and CVE-2025-40537, which involves the presence of hardcoded credentials in SolarWinds Web Help Desk. Under specific conditions, this vulnerability could be exploited to gain access to administrative functions, significantly increasing the risk of privilege escalation and unauthorized system management.
### **Conclusion**
Web Help Desk version 2026.1 has fixed all these six vulnerabilities. It's essential for users to prioritize upgrading their systems to ensure they are protected from these critical flaws. The combination of these findings underscores systemic weaknesses in authentication, authorization, and secure coding practices within SolarWinds Web Help Desk.
Stay up-to-date with the latest security news and updates by following me on Twitter: @securityaffairs and Facebook and Mastodon.