CVE-2025-40552
Published: 28 January 2026
Summary
CVE-2025-40552 is a critical-severity Weak Authentication (CWE-1390) vulnerability in SolarWinds Web Help Desk. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 7.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-8 (Identification and Authentication (Non-organizational Users)).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): requires timely remediation of identified flaws, such as applying the SolarWinds patches for this authentication bypass vulnerability.
- IA-8 (Identification and Authentication (Non-organizational Users)): mandates identification and authentication for non-organizational users, directly preventing remote unauthenticated attackers from bypassing controls.
- AC-3 (Access Enforcement): enforces approved authorizations for access to protected resources, countering the vulnerability's ability to execute privileged actions without authentication.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-40552 is an authentication bypass vulnerability in the public-facing SolarWinds Web Help Desk application, directly enabling exploitation of a public-facing application (T1190).
NVD Description
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
Deeper analysis
CVE-2025-40552 is an authentication bypass vulnerability in SolarWinds Web Help Desk. If exploited, it allows a malicious actor to execute actions and methods that should be protected by authentication. The issue, published on 2026-01-28, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-1390.
The vulnerability is exploitable by any remote, unauthenticated attacker over the network, with low attack complexity and no user interaction. Successful exploitation bypasses authentication controls, granting the attacker the ability to perform privileged operations, with high impact on the confidentiality, integrity, and availability of the affected system.
SolarWinds provides mitigation guidance in its security advisory at https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40552 and release notes for Web Help Desk 2026.1 at https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm. A proof-of-concept script demonstrating exploitation of CVE-2025-40552 (alongside CVE-2025-40553) is publicly available on GitHub at https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553/blob/main/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553.py.
Details
- CWE(s)