9.8
CVE-2025-40536
- EPSS 81.62%
- Published 28.01.2026 07:30:09
- Last modified 13.02.2026 14:03:55
- Source psirt@solarwinds.com
SolarWinds Web Help Desk Security Control Bypass Vulnerability
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
Data provided by the National Vulnerability Database (NVD)
Solarwinds ≫ Web Help Desk Version < 2026.1
VulnDex Vulnerability Enrichment
12.02.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
- Vulnerability: SolarWinds Web Help Desk Security Control Bypass Vulnerability
- Description: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 81.62% | 0.996 |


| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| psirt@solarwinds.com | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |

CWE-693 Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536
https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-40536
https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399