CVE-2025-40536 | THREATINT

Description

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

PUBLISHED Reserved 2025-04-16 | Published 2026-01-28 | Updated 2026-02-12 | Assigner SolarWinds

HIGH: 8.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-693 Protection Mechanism Failure

Product status

Default status

affected

12.8.8 HF1 and below

affected

Credits

Jimi Sebree working with Horizon3.ai finder

References

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2025-40536 government-resource

www.huntress.com/...-solarwinds-web-help-desk-cve-2025-26399 third-party-advisory

www.solarwinds.com/...ter/security-advisories/CVE-2025-40536 vendor-advisory patch

documentation.solarwinds.com/...whd_2026-1_release_notes.htm release-notes

cve.org (CVE-2025-40536)

nvd.nist.gov (CVE-2025-40536)

Download JSON