=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN094
_____________________________________________________________________

DATE                : 29/01/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running SolarWinds Web Help Desk versions
                          prior to 2026.1.

=====================================================================
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40552
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40551
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40554
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40553
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40536
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40537
_____________________________________________________________________

SolarWinds Web Help Desk Authentication Bypass Vulnerability
(CVE-2025-40552)

Summary

SolarWinds Web Help Desk was found to be susceptible to an
authentication bypass vulnerability that, if exploited, would allow
a malicious actor to execute actions and methods that should be
protected by authentication.


Affected Products

SolarWinds Web Help Desk 12.8.8 HF1 and all previous versions


Fixed Software Release

SolarWinds Web Help Desk 2026.1


Acknowledgments

Piotr Bazydlo working with watchTowr


Advisory Details

Severity
9.8 Critical

Advisory ID
CVE-2025-40552

First Published
01/28/2026

Fixed Version
SolarWinds Web Help Desk 2026.1

CVSS Score
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


SolarWinds was founded by IT professionals solving complex problems in 
the simplest way, and we have carried that spirit forward since 1999. We 
take pride in relentlessly listening to our customers to develop a 
deeper understanding of the challenges they face. Our digital agility 
solutions are built to help companies of any size accelerate business 
transformation today and into the future.

_____________________________________________________________________

SolarWinds Web Help Desk Deserialization of Untrusted Data Remote
Code Execution Vulnerability (CVE-2025-40551)


Summary

SolarWinds Web Help Desk was found to be susceptible to an untrusted
data deserialization vulnerability that could lead to remote code
execution, which would allow an attacker to run commands on the host
machine. This could be exploited without authentication.


Affected Products

SolarWinds Web Help Desk 12.8.8 HF1 and all previous versions


Fixed Software Release

SolarWinds Web Help Desk 2026.1


Acknowledgments

Jimi Sebree working with Horizon3.ai


Advisory Details

Severity
9.8 Critical

Advisory ID
CVE-2025-40551

First Published
01/28/2026

Fixed Version
SolarWinds Web Help Desk 2026.1

CVSS Score
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


_____________________________________________________________________

SolarWinds Web Help Desk Authentication Bypass Vulnerability
(CVE-2025-40554)


Summary

SolarWinds Web Help Desk was found to be susceptible to an
authentication bypass vulnerability that, if exploited, could allow
an attacker to invoke specific actions within Web Help Desk.


Affected Products

SolarWinds Web Help Desk 12.8.8 HF1 and all previous versions


Fixed Software Release

SolarWinds Web Help Desk 2026.1


Acknowledgments

Piotr Bazydlo working with watchTowr


Advisory Details

Severity
9.8 Critical

Advisory ID
CVE-2025-40554

First Published
01/28/2026

Fixed Version
SolarWinds Web Help Desk 2026.1

CVSS Score
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


_____________________________________________________________________

SolarWinds Web Help Desk Deserialization of Untrusted Data Remote
Code Execution Vulnerability (CVE-2025-40553)

Summary

SolarWinds Web Help Desk was found to be susceptible to an untrusted
data deserialization vulnerability that could lead to remote code
execution, which would allow an attacker to run commands on the host
machine. This could be exploited without authentication.


Affected Products

SolarWinds Web Help Desk 12.8.8 HF1 and all previous versions


Fixed Software Release

SolarWinds Web Help Desk 2026.1


Acknowledgments

Piotr Bazydlo working with watchTowr


Advisory Details

Severity
9.8 Critical

Advisory ID
CVE-2025-40553

First Published
01/28/2026

Fixed Version
SolarWinds Web Help Desk 12.8.8 HF2

CVSS Score
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H



_____________________________________________________________________

SolarWinds Web Help Desk Security Control Bypass Vulnerability
(CVE-2025-40536)

Summary

SolarWinds Web Help Desk was found to be susceptible to a security
control bypass vulnerability that, if exploited, could allow an
unauthenticated attacker to gain access to certain restricted
functionality.


Affected Products

SolarWinds Web Help Desk 12.8.8 HF1 and all previous versions


Fixed Software Release

SolarWinds Web Help Desk 2026.1


Acknowledgments

Jimi Sebree working with Horizon3.ai


Advisory Details

Severity
8.1 High

Advisory ID
CVE-2025-40536

First Published
01/28/2026

Fixed Version
SolarWinds Web Help Desk 2026.1

CVSS Score
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H



_____________________________________________________________________

SolarWinds Web Help Desk Hardcoded Credentials Vulnerability
(CVE-2025-40537)

Summary

SolarWinds Web Help Desk was found to be susceptible to a hardcoded
credentials vulnerability that, under certain situations, could allow
access to administrative functions.


Affected Products

SolarWinds Web Help Desk 12.8.8 HF1 and all previous versions


Fixed Software Release

SolarWinds Web Help Desk 2026.1


Acknowledgments

Jimi Sebree working with Horizon3.ai


Advisory Details

Severity
7.5 High

Advisory ID
CVE-2025-40537

First Published
01/28/2026

Fixed Version
SolarWinds Web Help Desk 2026.1

CVSS Score
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




