CVE-2025-40536 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2026-01-28

Added to CISA KEV: 2026-02-12 15 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

CRITICAL: Immediately check for indicators of compromise - active exploitation has been observed against SolarWinds Web Help Desk instances. Review access logs, check for unauthorized access, verify system integrity, and look for signs of lateral movement
URGENT: Upgrade to Web Help Desk version 2026.1 immediately to remediate the vulnerability
Implement network segmentation to limit potential lateral movement if compromise has occurred
Monitor Web Help Desk access logs for suspicious unauthenticated access attempts and unauthorized functionality usage
Consider temporarily restricting internet access to WHD instances until patching is complete if operationally feasible
PATCH PRIORITY: CRITICAL - This should be treated as an emergency patch due to active exploitation and high internet exposure

🔍 Web Intelligence

Key Sources:

Analysis of active exploitation of SolarWinds Web Help Desk
The Microsoft Defender Research Team observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk (WHD) instances to get an initial foothold and then laterally moved towards other high-value assets within the organization. However, we have not yet confirmed whether the attacks are related to the most recent set of WHD vulnerabilities disclosed on January 28, 2026, such as CVE-2025-40551 and CVE-2025-40536 or stem from previously disclosed vulnerabilities like CVE-2025-26399.
CVE-2025-40536 Detail - NVD
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.Description. SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on ...
Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft Defender Security Research Team said it's not clear whether the activity weaponized recently disclosed flaws (CVE-2025-40551, CVSS score: 9.8, and CVE-2025-40536, CVSS score: 8.1), or a previously patched vulnerability (CVE-2025-26399, CVSS score: 9.8).
Known Exploited Vulnerabilities Catalog - CISA
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.How to use the KEV ...
CVE-2025-40536: SolarWinds Web Help Desk Auth ...
CVE-2025-40536 is an authentication bypass vulnerability in SolarWinds Web Help Desk allowing unauthenticated attackers to access restricted ...

🔴 CVE-2025-40536

📋 Vulnerability Details

🎯 Recommendations:

🔍 Web Intelligence

Key Sources: