Initiatieven voor
Als nationale autoriteit voor cyberveiligheid heeft het CCB verschillende initiatieven ontwikkeld voor specifieke doelgroepen die hier worden gepresenteerd.
Warning: Actively exploited vulnerabilities in SolarWinds Web Help Desk, Patch Immediately!
Image
Gepubliceerd : 13/02/2026
Sources
Web Help Desk 2026.1 Release notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
Risks
SolarWinds Web Help Desk (WHD) is an IT service management solution.
Multiple high- and critical vulnerabilities have been identified in WHD. Several of these allow unauthenticated attackers to bypass authentication or execute remote code. This means an attacker could compromise a vulnerable server without valid credentials or user interaction.
Successful exploitation could lead to data breaches, system manipulation, and service disruption or ransomware.
Given the presence of critical, remotely exploitable vulnerabilities, including remote code execution, organisations should urgently update affected systems.
Description
CVE-2025-40536: SolarWinds Web Help Desk (High - Actively Exploited)
A security control bypass (CWE-693) allowing unauthenticated attackers to access restricted functionality. Although exploitation requires specific conditions, it is actively exploited and can expose sensitive functionality to unauthorised users.
CVE-2025-40537: SolarWinds Web Help Desk (High - Hardcoded Credentials)
A hardcoded credentials vulnerability (CWE-798) that may allow access to administrative functions under certain conditions. An attacker could leverage embedded credentials to escalate privileges and gain administrative access.
CVE-2025-40552: SolarWinds Web Help Desk (Critical - Authentication Bypass)
An authentication bypass vulnerability (CWE-1390) that allows unauthenticated attackers to execute protected actions.
CVE-2025-40553: SolarWinds Web Help Desk (Critical - Remote Code Execution)
An insecure deserialization vulnerability (CWE-502) enabling unauthenticated remote code execution. An attacker can execute arbitrary commands on the host system.
CVE-2025-40554: SolarWinds Web Help Desk (Critical - Authentication Bypass)
A second authentication bypass vulnerability (CWE-1390) allowing unauthorised invocation of specific application actions, potentially resulting in data manipulation or further compromise.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.