SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws

www.bleepingcomputer.com/news/secu…

SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software.

The authentication bypass security flaws (tracked as CVE-2025-40552 and CVE-2025-40554) patched today by SolarWinds were reported by watchTowr’s Piotr Bazydlo and can be exploited by remote unauthenticated threat actors in low-complexity attacks.

Bazydlo also found and reported a critical remote code execution (RCE) flaw (CVE-2025-40553) stemming from an untrusted data deserialization weakness that can enable attackers without privileges to run commands on vulnerable hosts. A second RCE vulnerability (CVE-2025-40551) reported by Horizon3.ai security researcher Jimi Sebree can also enable unauthenticated attackers to execute commands remotely.

Edward Kiledjian @ekiledjian