Shodan
Vulnerabilities
Vulnerable Software
Solarwinds:  >> Web Help Desk  >> 12.8.4  Security Vulnerabilities
CVE-2025-40537
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-01-28
CVE-2025-40551
Known exploited
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
CVSS Score
9.8
EPSS Score
0.777
Published
2026-01-28
CVE-2025-40552
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-28
CVE-2025-40553
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
CVSS Score
9.8
EPSS Score
0.011
Published
2026-01-28
CVE-2025-40554
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-01-28
CVE-2025-40536
Known exploited
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
CVSS Score
8.1
EPSS Score
0.691
Published
2026-01-28
CVE-2025-26399
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
CVSS Score
9.8
EPSS Score
0.129
Published
2025-09-23
CVE-2025-26400
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-07-29
CVE-2024-28989
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-02-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved