Threat Intelligence / CVE / CVE-2025-40554

CVE-2025-40554

Ransomware

CVSS 9.8 (CRITICAL) · EPSS 6.1% · Published 2026-01-28

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-1390

Threats tracking this CVE

SolarWinds Web Help Desk Deserialization RCE - CISA KEV — CRITICAL

References

https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40554

Full detection coverage & IOCs for threats exploiting CVE-2025-40554 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence