PT-2026-5072 · Solarwinds · Solarwinds Web Help Desk

Published: 2026-01-28 · Updated: 2026-02-18 · CVE-2025-40537

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SolarWinds Web Help Desk versions prior to 12.8.1

Description

SolarWinds Web Help Desk is susceptible to a hardcoded credentials issue that, in certain scenarios, could allow access to administrative functions. Attackers can identify exposed instances through scanning and fingerprinting, then attempt authentication using the hardcoded credential pathway. Successful exploitation could lead to unauthorized access to the Web Help Desk user interface and API, enabling enumeration of tickets, users, and configuration details. This could also provide a foothold for broader internal abuse, such as data theft, phishing via tickets, and abuse of trusted integrations. The root cause is the use of hard-coded credentials (CWE-798) embedded in the application, which bypass normal authentication controls.

Recommendations

Upgrade SolarWinds Web Help Desk to version 12.8.1 or a newer patched version provided by SolarWinds. Restrict access to the Web Help Desk immediately, allowing only access from VPNs or jump hosts and blocking direct internet exposure at the firewall or reverse proxy. Add temporary detections and controls for suspicious authentication attempts and admin session creation. Review authentication logs for anomalous successful logins and unusual admin actions. Hunt for indicators of compromise on the Web Help Desk host, such as webshells, new scheduled tasks, and suspicious outbound traffic. If exposed, isolate the server, preserve forensic snapshots, rotate credentials, and review connected systems for lateral movement.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2026-00934
CVE-2025-40537

Affected Products

Solarwinds Web Help Desk