Solarwinds: >> Web Help Desk >> 12.7.6 Security Vulnerabilities
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-01-28
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Known exploited
CVSS Score
9.8
EPSS Score
0.777
Published
2026-01-28
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-28
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
CVSS Score
9.8
EPSS Score
0.011
Published
2026-01-28
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-01-28
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
Known exploited
CVSS Score
8.1
EPSS Score
0.691
Published
2026-01-28
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
CVSS Score
9.8
EPSS Score
0.129
Published
2025-09-23
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.
We recommend all Web Help Desk customers apply the patch, which is now available.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
CVSS Score
9.8
EPSS Score
0.055
Published
2025-09-01
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-07-29
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-02-11
Page 1