CVE-2025-40536
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2026-01-28
Last updated on: 2026-02-13
Assigner: SolarWinds
Description
Description
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| solarwinds | web_help_desk | to 2026.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in SolarWinds Web Help Desk allows an unauthenticated attacker to bypass security controls and gain access to certain restricted functionality within the application.
How can this vulnerability impact me? :
Exploitation of this vulnerability could allow an attacker without authentication to access restricted features, potentially leading to unauthorized actions, data compromise, or disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70