CVE-2025-40537 | THREATINT

Description

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.

PUBLISHED Reserved 2025-04-16 | Published 2026-01-28 | Updated 2026-02-03 | Assigner SolarWinds

HIGH: 7.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-798 Use of Hard-coded Credentials

Product status

Default status

affected

12.8.8 HF1 and below

affected

Credits

Jimi Sebree working with Horizon3.ai reporter

References

www.solarwinds.com/...ter/security-advisories/CVE-2025-40537 vendor-advisory patch

documentation.solarwinds.com/...whd_2026-1_release_notes.htm release-notes

cve.org (CVE-2025-40537)

nvd.nist.gov (CVE-2025-40537)

Download JSON