
SolarWinds Web Help Desk < 12.8.8 Hotfix 1 (HF1) - Security Control Bypass

CVE-2025-40536
Verified

Description

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that, if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

Severity

High

CVSS Score

8.1

Exploit Probability

69%

Affected Product

web_help_desk

Published Date

February 16, 2026

Template Author

inokii

CVE-2025-40536.yaml
id: CVE-2025-40536

info:
  name: SolarWinds Web Help Desk < 12.8.8 Hotfix 1 (HF1) - Security Control Bypass
  author: inokii
  severity: high
  description: |
    SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
  impact: |
    Attackers can gain access to certain restricted functionality.
  remediation: |
    Apply the available 12.8.8 Hotfix 1 (HF1) or upgrade to version 2026.1.
  reference:
    - https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40536
    - https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
    - https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/
  classification:
    cve-id: CVE-2025-40536
    epss-score: 0.68905
    epss-percentile: 0.98652
    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.1
    cwe-id: CWE-693
    cpe: cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: solarwinds
    product: web_help_desk
    shodan-query: http.favicon.hash:"1895809524"
  tags: cve,cve2025,solarwinds,webhelpdesk,kev,vkev,passive

http:
  - method: GET
    path:
      - "{{BaseURL}}/helpdesk/WebObjects/Helpdesk.woa"

    host-redirects: true
    max-redirects: 2

    extractors:
      - type: regex
        name: build_token
        part: body
        group: 1
        regex:
          - "\\?v=([0-9]+_[0-9]+_[0-9]+_[0-9]+)"
        internal: true

      - type: dsl
        name: version
        dsl:
          - "replace(build_token, '_', '.')"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Web Help Desk Software"
          - "SolarWinds WorldWide"
          - "/WebObjects/Helpdesk.woa"
        condition: or

      - type: dsl
        dsl:
          - "compare_versions(version, '< 12.8.8.2585')"
# digest: 490a0046304402207baf608a099d2efd2710450ea13dc48fb10144575e603785c58f60eac813f0a402202397e722fe1aba7253ef15c9544adb0b9737ed90c8004858e1e8b4fe4f5ed115:922c64590222798bb761d5b6d8e72950
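The template above flags an instance passively: it pulls the build token out of a `?v=` asset parameter on the login page, rewrites the underscores to dots, and compares the result against 12.8.8.2585 (the 12.8.8 HF1 build). The following is an added example, not part of the template or of SolarWinds' tooling, that reimplements that check in Python so a defender can verify the patch level of their own instances from a saved response body. The sample bodies are constructed, and the numeric component-wise comparison is an assumption standing in for nuclei's compare_versions.

```python
import re
from typing import Optional, Tuple

# Threshold taken from the template: builds below 12.8.8.2585 (12.8.8 HF1) still need the hotfix.
FIXED_BUILD = "12.8.8.2585"

# Page-fingerprint strings from the template's word matcher (any one is enough).
FINGERPRINTS = ("Web Help Desk Software", "SolarWinds WorldWide", "/WebObjects/Helpdesk.woa")

# Same pattern as the template's regex extractor: four underscore-separated numbers after "?v=".
BUILD_TOKEN_RE = re.compile(r"\?v=([0-9]+_[0-9]+_[0-9]+_[0-9]+)")


def extract_version(body: str) -> Optional[str]:
    """Return the dotted build version found in the page body, or None if absent."""
    m = BUILD_TOKEN_RE.search(body)
    return m.group(1).replace("_", ".") if m else None


def version_tuple(v: str) -> Tuple[int, ...]:
    # Assumption: plain numeric comparison per component, which is enough for these build strings.
    return tuple(int(p) for p in v.split("."))


def is_fingerprinted(body: str) -> bool:
    return any(s in body for s in FINGERPRINTS)


def needs_hotfix(body: str) -> bool:
    """True when the body looks like Web Help Desk and reports a build older than the fix."""
    version = extract_version(body)
    if version is None or not is_fingerprinted(body):
        return False
    return version_tuple(version) < version_tuple(FIXED_BUILD)


# Constructed sample bodies (not captured from a real system).
OLD_BUILD = '<title>Web Help Desk Software</title><script src="/helpdesk/js/app.js?v=12_8_7_2520"></script>'
PATCHED_BUILD = '<title>Web Help Desk Software</title><script src="/helpdesk/js/app.js?v=12_8_8_2585"></script>'
OTHER_APP = '<title>Intranet</title><script src="/static/app.js?v=12_0_0_1"></script>'

if __name__ == "__main__":
    for label, body in (("old", OLD_BUILD), ("patched", PATCHED_BUILD), ("other", OTHER_APP)):
        print(label, extract_version(body), needs_hotfix(body))
```

The third sample shows why the word matcher is combined with the version check: a `?v=` token alone is not evidence of Web Help Desk.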
CVSS Score: 8.1

CVSS Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID: CVE-2025-40536
CWE ID: CWE-693

References

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40536
https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/

Remediation Steps

Apply the available 12.8.8 Hotfix 1 (HF1) or upgrade to version 2026.1.