SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
Summary: SolarWinds has fixed multiple critical vulnerabilities in Web Help Desk, including authentication bypass, remote code execution and hardcoded credentials issues, and advises users to upgrade to the latest version as soon as possible.
2026-1-28 14:45:23 Author: www.bleepingcomputer.com (view original)


SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software.

The authentication bypass security flaws (tracked as CVE-2025-40552 and CVE-2025-40554) patched today by SolarWinds were reported by watchTowr's Piotr Bazydlo and can be exploited by remote unauthenticated threat actors in low-complexity attacks.

Bazydlo also found and reported a critical remote code execution (RCE) flaw (CVE-2025-40553) stemming from an untrusted data deserialization weakness that can enable attackers without privileges to run commands on vulnerable hosts.
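Added example, not part of the BleepingComputer article and not SolarWinds code: the RCE described above stems from deserializing untrusted data. Web Help Desk is a Java application, and the stand-alone Java program below shows what that weakness looks like in the JDK's native serialization and how the built-in deserialization filter (java.io.ObjectInputFilter, Java 9 and later) confines ObjectInputStream to an allow-list of expected classes. The class names TicketNote and Unexpected, the filter limits and the sample payloads are all constructed here for illustration and say nothing about the internals of the WHD bug.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Added example (not SolarWinds code). Shows why deserializing attacker-controlled
// bytes is dangerous and how a JEP 290 ObjectInputFilter limits which classes
// ObjectInputStream will instantiate. Assumes Java 9 or later.
public class DeserializationFilterDemo {

    // A harmless application type that the server legitimately expects.
    public static final class TicketNote implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        TicketNote(String text) { this.text = text; }
    }

    // Stand-in for a class the attacker wants instantiated. Real gadget classes
    // already live in libraries on the classpath; the attacker only names them.
    public static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            // In a real gadget chain the side effect (command execution, file write,
            // JNDI lookup) happens here, before the caller ever sees the object.
            System.out.println("Unexpected.readObject ran during deserialization");
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    // Vulnerable pattern: any Serializable class on the classpath may be instantiated.
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Hardened pattern: allow-list the expected classes, reject everything else ("!*"),
    // and cap depth and size so a crafted object graph cannot exhaust the JVM.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxbytes=65536;java.lang.String;" + TicketNote.class.getName() + ";!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject(); // throws InvalidClassException for a rejected class
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] good = serialize(new TicketNote("printer on floor 3 is jammed"));
        byte[] bad = serialize(new Unexpected()); // constructed stand-in for attacker bytes

        System.out.println("unfiltered, good: " + ((TicketNote) readUnfiltered(good)).text);
        readUnfiltered(bad); // Unexpected.readObject side effect runs

        System.out.println("filtered, good: " + ((TicketNote) readFiltered(good)).text);
        try {
            readFiltered(bad);
        } catch (InvalidClassException e) {
            System.out.println("filtered, bad: rejected (" + e.getMessage() + ")");
        }
    }
}
```

Run it with `javac DeserializationFilterDemo.java && java DeserializationFilterDemo`. The unfiltered path instantiates whatever class the stream names, so Unexpected's readObject runs before the caller sees any result; the filtered path rejects that class with InvalidClassException before any of its code executes. In production the allow-list belongs in a JVM-wide `jdk.serialFilter` setting or a per-stream filter as above, and the stronger fix is not to accept native Java serialization from unauthenticated clients at all.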


A second RCE vulnerability (CVE-2025-40551) reported by Horizon3.ai security researcher Jimi Sebree can also enable unauthenticated attackers to execute commands remotely.

Today, SolarWinds also patched a high-severity hardcoded credentials vulnerability (CVE-2025-40537) discovered by Sebree that, under unspecified circumstances, could grant threat actors with low privileges unauthorized access to administrative functions.

The company provides detailed instructions for upgrading vulnerable servers to Web Help Desk 2026.1, which addresses these security flaws.

Admins are advised to patch their Web Help Desk servers as soon as possible, as attackers have repeatedly exploited WHD security vulnerabilities in the past.

For instance, in September, SolarWinds addressed CVE-2025-26399, a second patch bypass for a WHD RCE flaw that CISA had flagged as actively exploited more than a year earlier, when it added the original bug to its catalog of known exploited vulnerabilities and ordered federal agencies to secure their systems within three weeks.

At the time, SolarWinds said that the vulnerability was "a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986."

CISA also tagged a critical Web Help Desk hardcoded credentials flaw as actively exploited in October 2024, again ordering government agencies to patch their servers.

Web Help Desk (WHD) is widely used by large corporations, healthcare organizations, educational institutions, and government agencies for help desk management. SolarWinds says that its IT management products are used by more than 300,000 customers worldwide.



Article source: https://www.bleepingcomputer.com/news/security/solarwinds-warns-of-critical-web-help-desk-rce-auth-bypass-flaws/