CVE-2025-40536β€”SolarWinds Web Help Desk Security Control Bypass Vulnerability

PUBLISHEDvulnerability record
2026-02-12 Β· last modified February 12, 2026

Metadata

CVE ID:
CVE-2025-40536
Project:
SolarWinds
Product:
Web Help Desk
Date Added:
2026-02-12
Due Date:
2026-02-15
Last Updated:
February 12, 2026

Vulnerability Name

SolarWinds Web Help Desk Security Control Bypass Vulnerability

Description

SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

Related News Articles

Related Weaknesses