← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-40536 — Actively Exploited: Web Help Desk (SolarWinds)

SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.

CVE IDCVE-2025-40536
VendorSolarWinds
ProductWeb Help Desk
Vulnerability nameSolarWinds Web Help Desk Security Control Bypass Vulnerability
Date added2026-02-12
Remediation due2026-02-15
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionSolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →