CVE-2025-40536
Published: 28 January 2026
Summary
CVE-2025-40536 is a high-severity Protection Mechanism Failure (CWE-693) vulnerability in Solarwinds Web Help Desk. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 1.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, reporting, and correction of software flaws like this security control bypass via vendor-recommended patches for SolarWinds Web Help Desk.
Mandates enforcement of approved authorizations for logical access to system resources, directly countering the bypass of security controls for restricted functionality.
Monitors and controls communications at external boundaries to block or limit unauthenticated network access required to exploit this vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows unauthenticated network access to bypass security controls in a public-facing web application (SolarWinds Web Help Desk), directly enabling exploitation of public-facing applications.
NVD Description
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
Deeper analysisAI
SolarWinds Web Help Desk is affected by CVE-2025-40536, a security control bypass vulnerability classified under CWE-693 (Protection Mechanism Failure). Published on January 28, 2026, the issue carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to potential high impacts on confidentiality, integrity, and availability despite requiring high attack complexity.
An unauthenticated attacker with network access can exploit this vulnerability without user interaction. Successful exploitation allows the attacker to bypass security controls and gain access to certain restricted functionality within SolarWinds Web Help Desk.
SolarWinds has published mitigation details in their security advisory at https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 and release notes for Web Help Desk 2026.1 at https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm, recommending upgrades to patched versions.
The vulnerability appears in the CISA Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40536, signaling real-world exploitation, with additional reports of active exploitation in related SolarWinds Web Help Desk vulnerabilities documented by Huntress at https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399.
Details
- CWE(s)
- KEV Date Added
- 12 February 2026