Login Sign Up

CVE-2025-40536

8.1 HIGH CISA KEV
Authentication Bypass

📋 TL;DR

SolarWinds Web Help Desk contains a security control bypass vulnerability that allows unauthenticated attackers to access restricted functionality. This affects all organizations running vulnerable versions of SolarWinds Web Help Desk without proper patching.

💻 Affected Systems

Products:
  • SolarWinds Web Help Desk
Versions: Versions prior to 2026.1
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable if not patched to version 2026.1 or later.

📦 What is this software?

Web Help Desk by Solarwinds

View all CVEs affecting Web Help Desk →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to access sensitive data, modify configurations, or execute arbitrary code on the server.

🟠

Likely Case

Unauthorized access to administrative functions, user data exposure, or privilege escalation within the Web Help Desk application.

🟢

If Mitigated

Limited impact with proper network segmentation, strong authentication controls, and monitoring in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability specifically allows unauthenticated access, making exploitation straightforward for attackers who discover the bypass method.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2026.1

Vendor Advisory: https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536

Restart Required: Yes

Instructions:

1. Download SolarWinds Web Help Desk version 2026.1 or later from the SolarWinds customer portal. 2. Backup current configuration and data. 3. Run the installer to upgrade to the patched version. 4. Restart the Web Help Desk service.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict access to Web Help Desk to trusted IP addresses only

Web Application Firewall Rules

all

Implement WAF rules to block suspicious authentication bypass attempts

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Web Help Desk from critical systems
  • Enable detailed logging and monitoring for all authentication and access control events

🔍 How to Verify

Check if Vulnerable:

Check Web Help Desk version in administration panel or via the installed software list

Check Version:

Check Help Desk → About in Web Help Desk interface or review installed programs list

Verify Fix Applied:

Verify version is 2026.1 or later and test authentication controls

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to restricted endpoints
  • Failed authentication followed by successful access
  • Access from unexpected IP addresses to admin functions

Network Indicators:

  • Unusual traffic patterns to authentication endpoints
  • Requests bypassing normal authentication flows

SIEM Query:

source="web_help_desk" AND (event_type="auth_bypass" OR (status="200" AND auth="none" AND uri="/admin/*"))

📊 Metadata

CVE ID: CVE-2025-40536
CVSS v3 Score: 8.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-693
EPSS Score: 69.07% exploit probability (98.6th percentile)
CISA KEV: Actively Exploited added Feb 12, 2026
Published: January 28, 2026
Last Updated: February 13, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-40536, you might also want to check these:

CVE-2023-31273 10.0

This vulnerability in Intel Data Center Manager (DCM) software allows unauthenticated attackers to b...

Same vulnerability type (CWE-693)
CVE-2021-32835 9.9

CVE-2021-32835 is a sandbox escape vulnerability in Eclipse Keti that allows authenticated attackers...

Same vulnerability type (CWE-693)
CVE-2025-68668 9.9

This CVE describes a sandbox bypass vulnerability in n8n's Python Code Node that allows authenticate...

Same vulnerability type (CWE-693)