Date: 2026-01-29

SolarWinds has fixed six critical and high-severity vulnerabilities in its popular Web Help Desk (WHD) support ticketing and asset management solution, and is urging customers to upgrade to v2026.1 as soon as possible.

The vulnerabilities

The WHD vulnerabilities fixed were unearthed by Jimi Sebree from Horizon3.ai and Piotr Bazydlo from watchTowr.

Sebree flagged a security control bypass flaw (CVE-2025-40536), hardcoded/static credentials (CVE-2025-40537), and an untrusted data deserialization vulnerability (CVE-2025-40551).

While the first two may allow unauthenticated attackers to gain access to restricted functionality or administrative functions, CVE-2025-40551 may allow them to achieve remote code execution and execute payloads and commands on the host machine. (More often than not, WHD is deployed on on-premises company servers.)

Following the release of the fixes, Sebree shared technical details about these vulnerabilities, loosely outlined how they can be exploited, and gave a quick rundown on indicators of compromise that might show up in WHD logs after successful exploitation attempts.

Bazydlo discovered two authentication bypass flaws (CVE-2025-40552 and CVE-2025-40554) and an untrusted data deserialization vulnerability (CVE-2025-40553). All three are deemed critical by SolarWinds.

No in-the-wild exploitation detected (for now)

The vulnerabilities affect SolarWinds Web Help Desk versions 12.8.8 Hotfix 1 and below and have been fixed in v2026.1.

There is currently no indication of any of them being actively exploited, but that state of affairs may soon change.

WHD is an IT help desk solution used by many organizations, small and medium-size businesses, and managed service providers around the world.

In 2024, SolarWinds fixed two vulnerabilities – CVE-2024-28986 and CVE-2024-28987 – that were picked up and leveraged by attackers within days and months of their disclosure.

