Original Article Text


SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws

SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software.

The authentication bypass security flaws (tracked as CVE-2025-40552 and CVE-2025-40554) patched today by SolarWinds were reported by watchTowr's Piotr Bazydlo and can be exploited by remote unauthenticated threat actors in low-complexity attacks. Bazydlo also found and reported a critical remote code execution (RCE) flaw (CVE-2025-40553) stemming from an untrusted data deserialization weakness that can enable attackers without privileges to run commands on vulnerable hosts.

A second RCE vulnerability (CVE-2025-40551) reported by Horizon3.ai security researcher Jimi Sebree can also enable unauthenticated attackers to execute commands remotely. Today, SolarWinds also patched a high-severity hardcoded credentials vulnerability (CVE-2025-40537) discovered by Sebree that, under unspecified circumstances, could grant threat actors with low privileges unauthorized access to administrative functions.

The company provides detailed instructions for upgrading vulnerable servers to Web Help Desk 2026.1, which addresses these security flaws. Admins are advised to patch their devices as soon as possible, as hackers have frequently exploited Web Help Desk security vulnerabilities in attacks.

For instance, in September, SolarWinds addressed a second patch bypass (CVE-2025-26399) for a WHD RCE flaw that CISA flagged as actively exploited in attacks more than a year earlier, adding it to its catalog of exploited security bugs and ordering federal agencies to secure their systems within three weeks. At the time, SolarWinds said that the vulnerability was "a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986."
CISA also tagged a critical Web Help Desk hardcoded credentials flaw as actively exploited in October 2024, again asking government agencies to patch their devices. Web Help Desk (WHD) is widely used by large corporations, healthcare organizations, educational institutions, and government agencies for help desk management. SolarWinds says that its IT management products are used by more than 300,000 customers worldwide.

Daily Brief Summary

VULNERABILITIES // SolarWinds Patches Critical Web Help Desk Security Vulnerabilities

SolarWinds released updates to address critical vulnerabilities in its Web Help Desk software, including authentication bypass and remote command execution flaws, potentially affecting over 300,000 customers globally.

The vulnerabilities, identified as CVE-2025-40552, CVE-2025-40554, CVE-2025-40553, and CVE-2025-40551, could allow unauthenticated attackers to execute commands and access administrative functions.

Security researchers from watchTowr and Horizon3.ai discovered these flaws, which involve low-complexity attacks and untrusted data deserialization, posing significant risks if left unpatched.

SolarWinds advises immediate upgrades to Web Help Desk version 2026.1 to mitigate these risks, providing detailed instructions for secure implementation.

Historical exploitation of Web Help Desk vulnerabilities by threat actors emphasizes the urgency for organizations, including government and healthcare sectors, to apply these patches promptly.

The Cybersecurity and Infrastructure Security Agency (CISA) has previously flagged similar vulnerabilities as actively exploited, urging federal agencies to secure their systems rapidly.

This incident reinforces the critical need for continuous monitoring and timely patching of IT management software to protect against potential cyber threats.