CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability

Summary

Parameter	Value
CVE ID	CVE-2025-40536
Alert Source	CISA KEV - Active Exploitation
CVE Publication Year	2025
Date Published	2026-02-12
Vendor	SolarWinds
Product	Web Help Desk
CVSS Score	8.1 (high)
EPSS Score	27.8% (percentile: 96%)
CISA KEV	Yes - confirmed active exploitation
Ransomware	Not confirmed
Remediation Deadline	2026-02-15

Vulnerability Description

SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.

Required Actions

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Who Is Affected?

This vulnerability affects Web Help Desk by SolarWinds. Check if your organization uses this software and requires updates.

Sources

• NVD - CVE-2025-40536
• CISA KEV Catalog
• FIRST EPSS

---

Need help securing your systems? nFlo team offers vulnerability management and 24/7 SOC services. Contact us.