AI description
CVE-2025-40536 is a security control bypass vulnerability affecting SolarWinds Web Help Desk (WHD) software. This flaw enables an unauthenticated attacker to circumvent security measures and access functionalities that are typically restricted to authenticated users. Specifically, the vulnerability allows for the bypass of Cross-Site Request Forgery (CSRF) protections by injecting a particular URI parameter, which then grants access to restricted WebObjects components. This bypass can be a component in a chain of vulnerabilities, potentially leading to more significant compromises, such as unauthenticated remote code execution, when combined with other identified flaws in the software.
- Description
- SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that, if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
- Source
- psirt@solarwinds.com
- NVD status
- Analyzed
- Products
- web_help_desk
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@solarwinds.com
- CWE-693
- Hype score
- Not currently trending
CVE-2025-40536 (CVSS:8.1, HIGH) is Undergoing Analysis. SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could..https://t.co/srDUH4ixYG #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
2 Feb 2026
109 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We now have a draft @metasploit module for the recent SolarWinds Web Help Desk vulns (CVE-2025-40536 + CVE-2025-40551) , based on the PoC by @Horizon3ai but with a gadget for loading native code modules to achieve RCE: https://t.co/7VaAuzaZW6
@stephenfewer
30 Jan 2026
4352 Impressions
11 Retweets
55 Likes
21 Bookmarks
0 Replies
0 Quotes
SolarWinds fixes multiple critical vulnerabilities including authentication bypass and RCE (CVE-2025-40536/40537/40551/40552/40553/40554) https://t.co/zyId8hsJLR #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
@securityLab_jp
30 Jan 2026
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit #AppSec 1⃣. SolarWinds WHD RCE https://t.co/3AHGwj3jxp // Critical vulnerabilities in Solarwinds Web Help Desk (CVE-2025-40551, CVE-2025-40537, CVE-2025-40536) allow unauthenticated RCE through deserialization and request bypasses, with patches available in ver.2026.1
@ksg93rd
29 Jan 2026
270 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 SolarWinds has released security updates addressing multiple vulnerabilities in Web Help Desk, including four critical vulnerabilities that could lead to authentication bypass and remote code execution. Among them is C
@Cybercachear
29 Jan 2026
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️⚠️ 『if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.』 SolarWinds Web Help Desk Security Control Bypass Vulnerability (CVE-2025-40536) https://t.co/I8bzlN879f
@autumn_good_35
28 Jan 2026
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7CADB33-214C-441A-BB62-64811EBBEB29",
"versionEndExcluding": "2026.1"
}
],
"operator": "OR"
}
]
}
]