socradar.io 1/30/2026, 9:16:08 AM · via preferred

SolarWinds Web Help Desk Update Addresses High-Risk RCE & Auth Bypass Bugs

SOCRadar reports that SolarWinds has released an urgent security update for Web Help Desk after disclosing six vulnerabilities, four of which are rated critical.

The flaws affect Web Help Desk versions 12.8.8 Hotfix 1 and earlier. They include CVE-2025-40551, CVE-2025-40553, CVE-2025-40552 and CVE-2025-40554, all with CVSS scores of 9.8. CVE-2025-40551 and CVE-2025-40553 involve deserialization that can lead to unauthenticated remote code execution, while CVE-2025-40552 and CVE-2025-40554 allow an unauthenticated attacker to bypass authentication and perform restricted actions.

A further two issues, CVE-2025-40536 and CVE-2025-40537, are described as high severity and involve access control bypass and hard-coded credentials, respectively. The advisory states there were no confirmed reports of active exploitation at the time, though risk commonly rises quickly once PoC details or exploit code appear.

Organisations running vulnerable versions, especially where the application is reachable from untrusted networks, are urged to apply the 2026.1 update and review exposure as part of remediation, according to CISA.


Article by CyberSIXT