SolarWinds Warns of Critical Web Help Desk Vulnerabilities Exposing Systems to Takeover

CyberDefender 4 mins0

SolarWinds has rolled out security updates to fix several serious flaws in its Web Help Desk (WHD) product. The issues include a critical remote code execution (RCE) bug and authentication bypass vulnerabilities that can be exploited remotely without any login credentials.

According to the latest advisory, the most serious problems include:

  • Authentication bypass flaws (CVE-2025-40552 and CVE-2025-40554) that could allow attackers to skip login checks and access restricted areas of the application.
  • A critical RCE vulnerability (CVE-2025-26399) that lets attackers run arbitrary commands on affected systems without being authenticated.

SolarWinds has released patches and hotfixes to address these bugs and is urging administrators to apply them as soon as possible.

Technical details and impact

Remote Code Execution — CVE-2025-26399

  • Severity: Critical, with a CVSS score of about 9.8
  • Root cause: Unsafe Java deserialization in the AjaxProxy component, where attacker-controlled data is processed without proper validation
  • Attack scenario: An unauthenticated attacker can send specially crafted requests to execute commands remotely, potentially gaining full system-level control
  • Patch history: This marks the third attempt to fix similar deserialization issues, with earlier patches for related bugs (such as CVE-2024-28986 and CVE-2024-28988) being bypassed

Authentication bypass flaws

  • Tracked as CVE-2025-40552 and CVE-2025-40554
  • Allow attackers to access protected endpoints without valid credentials
  • Can be chained with other vulnerabilities to deepen compromise of the WHD environment

Why this matters

  • No login required: Attackers only need network access to the Web Help Desk interface
  • Potential full compromise: Exploitation could lead to malware installation, data theft, or complete system takeover
  • Repeated patch bypasses: The recurrence of deserialization issues suggests deeper architectural weaknesses
  • High exploitability: The near-maximum CVSS scores reflect both ease of exploitation and severe impact

Affected versions

All SolarWinds Web Help Desk versions up to 12.8.7 are affected unless updated with 12.8.7 Hotfix 1 or later.

What administrators should do

  • Patch immediately using the latest Web Help Desk updates or Hotfix 1
  • Confirm versions to ensure no unpatched instances remain in the environment
  • Back up systems before applying updates
  • Monitor logs and traffic for suspicious activity or exploit attempts
  • Limit exposure by restricting WHD access to trusted networks or VPNs

Bigger picture

Given SolarWinds’ history with high-impact security incidents—most notably the Orion supply-chain attack—these vulnerabilities underscore the need for fast patching, strong access controls, and continuous monitoring across enterprise environments.

CyberDefender