【資安漏洞預警】SolarWinds旗下Web Help Desk (WHD)存在4個重大資安漏洞

【資安漏洞預警】SolarWinds旗下Web Help Desk (WHD)存在4個重大資安漏洞
[Security Vulnerability Alert] SolarWinds' Web Help Desk (WHD) has four major security vulnerabilities.

發布單位：圖資處數位服務組

日期範圍：2026/1/29 ～ 2026/7/29

發布單位：圖資處數位服務組

日期範圍：2026/1/29 ～ 2026/7/29

行政行政公告

全體

轉發台灣電腦網路危機處理暨協調中心資安訊息警訊 TWCERTCC-200-202601-00000027

[內容說明]
Web Help Desk (WHD)是SolarWinds旗下產品，主要提供集中式自動執行工單管理的服務，包含工單自動化、集中式知識庫、資產追蹤管理等，以便支援客戶與追蹤事項，近日發布重大資安漏洞公告。

【CVE-2025-40551，CVSS：9.8】此為不受信任資料反序列化漏洞，允許未經身分驗證的攻擊者可在主機上執行命令，可能導致遠端程式碼執行。

【CVE-2025-40552，CVSS：9.8】此為身分驗證繞過漏洞，若攻擊者利用該漏洞，可執行本應受身分驗證保護的相關服務。

【CVE-2025-40553，CVSS：9.8】此為不受信任資料反序列化漏洞，允許未經身分驗證的攻擊者可在主機上執行命令，可能導致遠端程式碼執行。

【CVE-2025-40554，CVSS：9.8】此為身分驗證繞過漏洞，若攻擊者利用該漏洞，可在Web Help Desk(WHD)中執行特定操作。

[影響平台]
SolarWinds Web Help Desk (WHD) 12.8.8 HF1(含)以下版本

[建議措施]
根據官方網站釋出的解決方式進行修補：https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm

[參考資料]
1. https://www.twcert.org.tw/tw/cp-169-10680-43bed-1.html

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Message Alert TWCERTCC-200-202601-00000027

[Content Description]
Web Help Desk (WHD), a product of SolarWinds, primarily provides centralized automated work order management services, including work order automation, a centralized knowledge base, and asset tracking management, to support customers and track issues. Recently, a major cybersecurity vulnerability announcement was released.

【CVE-2025-40551, CVSS: 9.8】 This is an untrusted data deserialization vulnerability, allowing unauthenticated attackers to execute commands on the host, potentially leading to remote code execution.

【CVE-2025-40552, CVSS: 9.8】 This is an authentication bypass vulnerability. If an attacker exploits this vulnerability, they can execute services that should be protected by authentication.

【CVE-2025-40553, CVSS: 9.8】 This is an untrusted data deserialization vulnerability that allows an unauthenticated attacker to execute commands on the host, potentially leading to remote code execution.

【CVE-2025-40554, CVSS: 9.8】 This is an authentication bypass vulnerability. If exploited, an attacker could perform specific operations within the Web Help Desk (WHD).

[Affected Platforms]
SolarWinds Web Help Desk (WHD) 12.8.8 HF1 and earlier versions

[Recommended Actions]
Patch the issue according to the solution released on the official website: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm

[References]
1. https://www.twcert.org.tw/tw/cp-169-10680-43bed-1.html

【資安漏洞預警】SolarWinds旗下Web Help Desk (WHD)存在4個重大資安漏洞
[Security Vulnerability Alert] SolarWinds' Web Help Desk (WHD) has four major security vulnerabilities.

發布單位：圖資處數位服務組

日期範圍：2026/1/29 ～ 2026/7/29

行政行政公告

全體

相關附件

參考資料1

參考資料2

【返回上頁】

【資安漏洞預警】SolarWinds旗下Web Help Desk (WHD)存在4個重大資安漏洞 [Security Vulnerability Alert] SolarWinds' Web Help Desk (WHD) has four major security vulnerabilities.

發布單位：圖資處數位服務組

日期範圍：2026/1/29 ～ 2026/7/29

行政 行政公告

全體

相關附件

system_update_alt參考資料1

system_update_alt參考資料2

【返回上頁】

【資安漏洞預警】SolarWinds旗下Web Help Desk (WHD)存在4個重大資安漏洞
[Security Vulnerability Alert] SolarWinds' Web Help Desk (WHD) has four major security vulnerabilities.

行政行政公告

參考資料1

參考資料2