
[CIVN-2026-0060] Multiple Vulnerabilities in SolarWinds
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
SolarWinds Web Help Desk version 12.8.8 HF1 and prior
Overview
Multiple vulnerabilities have been reported in SolarWinds products which could allow a remote unauthenticated attacker to bypass authentication mechanisms, access administrative and protected application functions, and execute arbitrary code on the targeted system.
Target Audience:
All organizations and individuals using SolarWinds products.
Risk Assessment:
Risk of unauthorized access, authentication bypass, arbitrary code execution, and full system compromise.
Impact Assessment:
Potential for arbitrary code execution, system configuration manipulation, data exposure and gaining elevated unauthorized access.
Description
SolarWinds Web Help Desk is IT help desk and asset management software that automates ticketing, streamlines support requests, and tracks hardware and software assets to improve IT operations.
Multiple vulnerabilities exist in SolarWinds Web Help Desk due to improper enforcement of authentication controls, the presence of hardcoded credentials, and insecure deserialization of untrusted data.
Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to bypass authentication mechanisms, access administrative and protected application functions, and execute arbitrary code on the targeted system.
Solution
Apply appropriate updates as mentioned in the vendor advisories:
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40552
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40537
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40551
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40554
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40553
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40536
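Added example (not part of the CERT-In advisory and not SolarWinds code): a triage script that flags Web Help Desk installations at or below the affected ceiling stated above, 12.8.8 HF1. It assumes versions are recorded as a dotted release with an optional "HF<n>" suffix; the inventory, host names and the 12.8.8 HF2 entry are constructed. The advisory does not name a fixed version, so a result above the ceiling means only "not listed as affected" and should be confirmed against the vendor advisories.

```python
import re

# Affected ceiling as stated in the advisory: 12.8.8 HF1 and prior.
AFFECTED_MAX = "12.8.8 HF1"

# Assumed format: dotted numeric release, optional "HF<n>" hotfix suffix.
_VERSION_RE = re.compile(
    r"^\s*(\d+(?:\.\d+)*)(?:[\s._-]*HF\s*(\d+))?\s*$", re.IGNORECASE
)


def parse_version(text):
    """Return ((major, minor, patch, ...), hotfix); raise ValueError if unparseable."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    parts += (0,) * (3 - len(parts))  # "12.8" compares as "12.8.0"
    hotfix = int(match.group(2)) if match.group(2) else 0  # no suffix = HF0
    return parts, hotfix


def is_affected(version):
    """True if version is at or below the advisory's affected ceiling."""
    return parse_version(version) <= parse_version(AFFECTED_MAX)


def triage(inventory):
    """Map each host to AFFECTED, NOT-LISTED or UNKNOWN."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "AFFECTED" if is_affected(version) else "NOT-LISTED"
        except ValueError:
            # Unparseable versions go to manual review; never assume safe.
            result[host] = "UNKNOWN"
    return result


# Constructed sample inventory (host names and versions are illustrative).
SAMPLE_INVENTORY = {
    "helpdesk-01": "12.8.8 HF1",   # exactly the ceiling
    "helpdesk-02": "12.8.3 HF3",   # older release, higher hotfix number
    "helpdesk-03": "12.8.8 HF2",   # hypothetical later hotfix
    "helpdesk-04": "build-unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:<12} {SAMPLE_INVENTORY[host]:<14} {status}")
```

Hosts reported as UNKNOWN should be checked by hand rather than treated as patched.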
Vendor Information
SolarWinds
https://www.solarwinds.com/trust-center/security-advisories
CVE Name
CVE-2025-40552
CVE-2025-40537
CVE-2025-40551
CVE-2025-40554
CVE-2025-40553
CVE-2025-40536
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


