Critical SolarWinds Web Help Desk Vulnerabilities Patched

SolarWinds patched multiple critical security flaws in its Web Help Desk software on January 29, 2026, after researchers found severe vulnerabilities enabling total system takeover. Among the six issues are four critical vulnerabilities rated 9.8 on the CVSS scale, which allow unauthenticated remote code execution.

Two of the critical flaws, CVE-2025-40551 and CVE-2025-40553, are untrusted data deserialization issues that let attackers run arbitrary commands. Consequently, an RCE via deserialization is a highly reliable vector for attackers to leverage. The other two critical flaws, CVE-2025-40552 and CVE-2025-40554, are authentication bypasses that can also lead to RCE.

Researchers Jimi Sebree from Horizon3.ai and Piotr Bazydlo from watchTowr discovered the vulnerabilities, which are all fixed in WHD 2026.1. Meanwhile, a detailed post by Sebree described CVE-2025-40551 as a deserialization issue from the AjaxProxy functionality.

The company has a history of patching similar flaws in Web Help Desk, including CVE-2024-28986 and CVE-2024-28987. Previously, the U.S. Cybersecurity and Infrastructure Security Agency added those older flaws to its Known Exploited Vulnerabilities catalog due to active exploitation. Therefore, customers must urgently update to the latest version to mitigate this significant risk.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

• XRP at $1.88: Real Utility Investment or Social Media Hype?
• Bybit to launch crypto banking service in February
• Schiff Warns Dollar Collapse; Gold Set to Replace It in 2026
• SoftBank eyes $30B as OpenAI seeks $60B from Big Tech deals.
• Millionaire XRP wallets rise; ETFs flow in amid price slumps