CVE-2025-40536
Published Jan 28, 2026
Last updated 3 months ago
AI description
CVE-2025-40536 is a security control bypass vulnerability affecting SolarWinds Web Help Desk (WHD) software. This flaw enables an unauthenticated attacker to circumvent security measures and access functionalities that are typically restricted to authenticated users. Specifically, the vulnerability allows for the bypass of Cross-Site Request Forgery (CSRF) protections by injecting a particular URI parameter, which then grants access to restricted WebObjects components. This bypass can be a component in a chain of vulnerabilities, potentially leading to more significant compromises, such as unauthenticated remote code execution, when combined with other identified flaws in the software.
- Description
- SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that, if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
- Source
- psirt@solarwinds.com
- NVD status
- Analyzed
- Products
- web_help_desk
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- SolarWinds Web Help Desk Security Control Bypass Vulnerability
- Exploit added on
- Feb 12, 2026
- Exploit action due
- Feb 15, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Source
- psirt@solarwinds.com
- Weakness
- CWE-693
- Hype score
- Not currently trending
🛡️ Security Alert: Security Control Bypass Vulnerability in SolarWinds Web Help Desk (CVE-2025-40536) SolarWinds Web Help Desk contains a security control bypass vulnerability (CWE-693) that allows an unauthenticated attacker to access
@CiberPlanetaOrg
16 Mar 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New security insights: Critical Analysis CVE-2025-40536 - SolarWinds Web Help Desk Security Control.... Fresh perspectives on defensive strategies. Read more: https://t.co/p7JK9C4azw
@TomarPrateek23
23 Feb 2026
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Just published: Critical Analysis CVE-2025-40536 - SolarWinds Web Help Desk Security Control.... Practical security guidance from the trenches. Read more: https://t.co/blklXjvfqg
@TomarPrateek23
21 Feb 2026
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The @CISAgov added 4 exploited bugs to KEV: SolarWinds WHD (CVE-2025-40536, 9.8), MS ConfigMgr SQLi→RCE (CVE-2024-43468, 9.8), Apple (CVE-2026-20700), Notepad++ (CVE-2025-15556). Patch fast. #cybersecurity #CISO #infosec #ITsecurity https://t.co/zHY8g3q1Ph
@SCMagazine
18 Feb 2026
265 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-40536 - high 🚨 SolarWinds Web Help Desk < 12.8.8 Hotfix 1 (HF1) - Security Control Bypass > SolarWinds Web Help Desk was found to be susceptible to a security control bypass vul... 👾 https://t.co/vpzR6IIcdY @pdnuclei #NucleiTempl...
@pdnuclei_bot
18 Feb 2026
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical CISA Alert: Active Exploitation of the CVE-2025-40536 Vulnerability in SolarWinds Web Help Desk https://t.co/9VdUrlKRwy
@NicolasCoolman
18 Feb 2026
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 #SolarWinds, Security Control Bypass, #CVE-2025-40536 (HIGH) https://t.co/Tpc16U0k4C
@dailycve
18 Feb 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
The @CISAgov added 4 exploited bugs to KEV: SolarWinds WHD (CVE-2025-40536, 9.8), MS ConfigMgr SQLi→RCE (CVE-2024-43468, 9.8), Apple (CVE-2026-20700), Notepad++ (CVE-2025-15556). Patch fast. #cybersecurity #CISO #infosec #ITsecurity https://t.co/zHY8g3q1Ph
@SCMagazine
16 Feb 2026
1410 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The @CISAgov added 4 exploited bugs to KEV: SolarWinds WHD (CVE-2025-40536, 9.8), MS ConfigMgr SQLi→RCE (CVE-2024-43468, 9.8), Apple (CVE-2026-20700), Notepad++ (CVE-2025-15556). Patch fast. #cybersecurity #CISO #infosec #ITsecurity https://t.co/zHY8g3q1Ph
@SCMagazine
15 Feb 2026
369 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The @CISAgov added 4 exploited bugs to KEV: SolarWinds WHD (CVE-2025-40536, 9.8), MS ConfigMgr SQLi→RCE (CVE-2024-43468, 9.8), Apple (CVE-2026-20700), Notepad++ (CVE-2025-15556). Patch fast. #cybersecurity #CISO #infosec #ITsecurity https://t.co/zHY8g3q1Ph
@SCMagazine
14 Feb 2026
309 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA adds exploited SolarWinds, Notepad++, Apple, and Microsoft ConfigMgr flaws to KEV — patch-now priority CISA added four in-the-wild exploited CVEs (SolarWinds Web Help Desk bypass CVE-2025-40536, Notepad++ WinGUp update integrity CVE-2025-15556, Apple dyld CVE-2026-207
@ThreatSynop
13 Feb 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The US Cybersecurity and Infrastructure Security Agency (CISA) has added 4 entries to its Known Exploited Vulnerabilities catalog: CVE-2024-43468 in Microsoft Configuration Manager, CVE-2025-15556 in Notepad++, CVE-2025-40536 in SolarWinds Web Help Desk, and multiple Apple products
@__kokumoto
12 Feb 2026
841 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-40536 #SolarWinds Web Help Desk Security Control Bypass Vulnerability https://t.co/3x3qc6yTOG
@ScyScan
12 Feb 2026
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers are exploiting SolarWinds Web Help Desk (WHD) using a chain of vulnerabilities, including two zero-days (vulnerabilities CVE-2025-40551 and CVE-2025-40536). These flaws allow remote code execution and authentication bypass. If you use SolarWinds WHD, update to the
@cybernewslive
10 Feb 2026
83 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-26399 / CVE-2025-40551 / CVE-2025-40536 ⚠️ SolarWinds Web Help Desk – Actively Exploited RCE SolarWinds Web Help Desk (WHD) installations exposed to the internet are being actively exploited via unauthenticated remote code execution. Observed intrusions sho
@modat_magnify
9 Feb 2026
144 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds Web Help Desk RCE Exploited to Drop Zoho Assist, Velociraptor, and Cloudflared Tunnels Attackers are actively exploiting SolarWinds Web Help Desk deserialization flaws (notably CVE-2025-40551 / CVE-2025-26399, plus related CVE-2025-40536) to gain unauthenticated
@ThreatSynop
9 Feb 2026
74 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
#ITSecurity SolarWinds again and reminders: CVE-2025-40551: Unauthenticated RCE via AjaxProxy deserialization, 9.8, Remote command execution. CVE-2025-40536: Protection bypass via bogus “/ajax/” parameter, 8.1, Access to restricted WebObjects
@seaarepea
8 Feb 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Microsoft Defender research team discovered real-world attacks exploiting vulnerabilities in SolarWinds Web Help Desk (WHD). Further investigation identified the vulnerabilities actually exploited (CVE-2025-40551 (deserialization of untrusted data), CVE-2025-40536 (security control bypass),
@ngnicky
7 Feb 2026
124 Impressions
0 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
Analysis of active exploitation of SolarWinds Web Help Desk - https://t.co/InJP6reBJn #threatintel #solarwinds-web-help-desk #cve-2025-40551 #cve-2025-40536 #cve-2025-26399 #rce-exploitation
@RedPacketSec
7 Feb 2026
96 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Recent reporting by Microsoft Security Blog highlights active exploitation of SolarWinds Web Help Desk (WHD) through unpatched vulnerabilities, including newly disclosed CVE-2025-40551 and CVE-2025-40536. While the report does not explicitly attribute the attacks to
@ox0ffff
7 Feb 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40536 (CVSS:8.1, HIGH) is Undergoing Analysis. SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could..https://t.co/srDUH4ixYG #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
2 Feb 2026
109 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We now have a draft @metasploit module for the recent SolarWinds Web Help Desk vulns (CVE-2025-40536 + CVE-2025-40551) , based on the PoC by @Horizon3ai but with a gadget for loading native code modules to achieve RCE: https://t.co/7VaAuzaZW6
@stephenfewer
30 Jan 2026
4352 Impressions
11 Retweets
55 Likes
21 Bookmarks
0 Replies
0 Quotes
SolarWinds fixes multiple critical vulnerabilities including authentication bypass and RCE (CVE-2025-40536/40537/40551/40552/40553/40554) https://t.co/zyId8hsJLR #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
@securityLab_jp
30 Jan 2026
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit #AppSec 1⃣. SolarWinds WHD RCE https://t.co/3AHGwj3jxp // Critical vulnerabilities in Solarwinds Web Help Desk (CVE-2025-40551, CVE-2025-40537, CVE-2025-40536) allow unauthenticated RCE through deserialization and request bypasses, with patches available in ver.2026.1
@ksg93rd
29 Jan 2026
270 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 SolarWinds has released security updates to address multiple vulnerabilities in Web Help Desk, including four critical flaws that could lead to authentication bypass and remote code execution. Among them is C
@Cybercachear
29 Jan 2026
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️⚠️ 『if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.』 SolarWinds Web Help Desk Security Control Bypass Vulnerability (CVE-2025-40536) https://t.co/I8bzlN879f
@autumn_good_35
28 Jan 2026
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F7CADB33-214C-441A-BB62-64811EBBEB29",
            "versionEndExcluding": "2026.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]