CVE-2025-40554CRITICAL 9.8EPSS p99.0%

CVE-2025-40554CVE-2025-40554

Description

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS57.31% probability of exploitation · percentile 99.0% · 2026-06-19T12:03:05Z
Published2026-01-28
Last modified2026-02-03

Underlying weaknesses· 1

CWE-1390

References

  1. https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
  2. https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40554

1

TypeTargetConfidenceTier
WeaknessWeak Authenticationcwe-13900%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-40552
CVE
SolarWinds Web Help Desk Security Control Bypass Vulnerability
CVE
SolarWinds Web Help Desk Hardcoded Credential Vulnerability
CVE
CVE-2025-40553
CVE
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
CVE
SolarWinds Orion Authentication Bypass Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.