CVE-2025-40536
SolarWinds Web Help Desk Security Control Bypass Vulnerability
In short
SolarWinds Web Help Desk has a flaw that lets unauthenticated attackers bypass security controls and access restricted features they shouldn't be able to use. This is serious because attackers can gain unauthorized access without needing valid credentials.
Technical detail
The vulnerability allows an unauthenticated attacker to bypass security controls in SolarWinds Web Help Desk and access restricted functionality. The attack vector requires network access but no prior authentication, potentially leading to unauthorized access to sensitive administrative or operational features. The high CVSS score (8.1) reflects the significance of the control bypass: the vector below rates the flaw as network-reachable with no privileges or user interaction required and high impact on confidentiality, integrity and availability, although it rates attack complexity as high (AC:H).
Summary generated and translated by AI from the official description.
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that, if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
SolarWinds · Web Help Desk
Public PoCs found: 1
GitHub: github.com/victoriaalicex/CVE-2025-40536-Analysis (★ 0)
Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40536
https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399
https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536