SolarWinds security advisory (AV26-063) - Update 1
Analysis Summary
# Vulnerability: SolarWinds Web Help Desk Vulnerability (CVE-2025-40551)
## CVE Details
- CVE ID: CVE-2025-40551
- CVSS Score: Information not explicitly provided, but presence in CISA KEV suggests **High severity**.
- CWE: Information not explicitly provided.
## Affected Systems
- Products: SolarWinds Web Help Desk
- Versions:
  - Versions prior to 2026.1
  - Version 12.8.8 HF1 and prior
- Configurations: Not specified.
## Vulnerability Description
The advisory reports a critical vulnerability in SolarWinds Web Help Desk that has been added to the CISA KEV catalog, which implies potentially severe impact. This summary update does not give specific technical details of the flaw.
## Exploitation
- Status: **Exploited in the wild** (Added to CISA KEV Database on February 3, 2026)
- Complexity: Information not explicitly provided, but KEV status often implies low to medium complexity.
- Attack Vector: Information not explicitly provided.
## Impact
The impact on confidentiality, integrity and availability is not explicitly detailed in this update, but it is expected to be significant given the vulnerability's inclusion in the KEV list.
## Remediation
### Patches
- SolarWinds Web Help Desk version **2026.1**
- (Implied: Patches corresponding to 12.8.8 HF1+ for that branch)
### Workarounds
- No specific workarounds were detailed in this update.
## Detection
- Detection methods are not explicitly detailed, but monitoring for indicators related to a patch for CVE-2025-40551 is recommended.
- Organizations should utilize vendor guidance and CISA KEV advisories for IOCs.
## References
- Vendor Advisories: https://www.solarwinds.com/trust-center/security-advisories
- CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-40551