CVE-2025-40552: SolarWinds Web Help Desk - Authentication Bypass
Vulnerability Description
SolarWinds Web Help Desk contains an authentication bypass vulnerability caused by improper access control, which lets attackers execute protected actions without authentication. Exploitation requires no special conditions.

[Publicly disclosed]

id: CVE-2025-40552

info:
  name: SolarWinds Web Help Desk - Authentication Bypass
  author: watchTowr,DhiyaneshDk
  severity: critical
  description: |
    SolarWinds Web Help Desk contains an authentication bypass vulnerability caused by improper access control, letting attackers execute protected actions without authentication, exploit requires no special conditions.
  impact: |
    Attackers can execute protected actions without authentication, potentially compromising system integrity and data security.
  remediation: Update to the latest version of SolarWinds Web Help Desk.
  reference:
    - https://github.com/watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553
    - https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40552
    - https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
    - https://nvd.nist.gov/vuln/detail/CVE-2025-40552
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:
Affected Scope
Unknown
Remediation Advice
None available yet