CVE-2025-40536CISA KEV: Actively Exploited

SolarWinds Web Help Desk Security Control Bypass Vulnerability

Published Feb 12, 2026·Updated Feb 12, 2026

Description

SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.

Public Exploits & PoCs1 found

PoC: CVE-2025-40536-Analysis

CVE analysis of CVE-2025-40536, SolarWinds Web Help Desk security control bypass (CVSS 8.1). Covers vulnerability mechanics, attack chain with companion RCE CVEs, Storm-2603 threat actor attribution, MITRE ATT&CK mapping, and detection/remediation guidance for DoD and government environments.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Start monitoring free