SolarWinds Web Help Desk Multiple High-Severity Vulnerabilities (RCE, Auth Bypass, Hardcoded Credentials)

### Critical Vulnerability Information #### Fixed CVEs | CVE-ID | Vulnerability Title | Description | Severity | Discoverer | | --- | --- | --- | --- | --- | | CVE-2025-4056 | SolarWinds Web Help Desk Security Control Bypass Vulnerability | SolarWinds Web Help Desk was found to have a security control bypass vulnerability, which may allow attackers to access certain restricted functions without authorization. | 8.8 High | Jimi Sebree from Horizon3.ai | | CVE-2025-4057 | SolarWinds Web Help Desk Hardcoded Credentials Vulnerability | SolarWinds Web Help Desk was found to have a hardcoded credentials vulnerability, which in some cases may allow unauthorized access to administrative functions. | 7.5 High | Jimi Sebree from Horizon3.ai | | CVE-2025-4051 | SolarWinds Web Help Desk Untrusted Data Deserialization Remote Code Execution Vulnerability | SolarWinds Web Help Desk was found to have an untrusted data deserialization vulnerability, which could lead to remote code execution, allowing attackers to run commands on the host without authentication. | 9.8 Critical | Jimi Sebree from Horizon3.ai | | CVE-2025-4052 | SolarWinds Web Help Desk Authentication Bypass Vulnerability | SolarWinds Web Help Desk was found to have an authentication bypass vulnerability; if exploited, it would allow malicious actors to perform actions and methods that should be protected by authentication. | 9.8 Critical | Piotr Bazydlo from watchTowr | | CVE-2025-4053 | SolarWinds Web Help Desk Untrusted Data Deserialization Remote Code Execution Vulnerability | SolarWinds Web Help Desk was found to have an untrusted data deserialization vulnerability, which could lead to remote code execution, allowing attackers to run commands on the host without authentication. | 9.8 Critical | Piotr Bazydlo from watchTowr | | CVE-2025-4054 | SolarWinds Web Help Desk Authentication Bypass Vulnerability | SolarWinds Web Help Desk was found to have an authentication bypass vulnerability; if exploited, it would allow attackers to invoke specific actions within Web Help Desk. | 9.8 Critical | Piotr Bazydlo from watchTowr |

Goal Reached Thanks to every supporter — we hit 100%!

SolarWinds Web Help Desk Multiple High-Severity Vulnerabilities (RCE, Auth Bypass, Hardcoded Credentials)