PatchSiren cyber security CVE debrief
CVE-2025-40536 SolarWinds CVE debrief
CVE-2025-40536 is a SolarWinds Web Help Desk security control bypass vulnerability that CISA added to its Known Exploited Vulnerabilities (KEV) catalog on 2026-02-12. KEV inclusion means CISA has determined the issue is being actively exploited or has been exploited in the wild. Organizations using Web Help Desk should treat this as a high-priority remediation item and follow vendor instructions immediately.
- Vendor: SolarWinds
- Product: Web Help Desk
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2026-02-12
- Original CVE updated: 2026-02-12
- Advisory published: 2026-02-12
- Advisory updated: 2026-02-12
Who should care
IT and security teams responsible for SolarWinds Web Help Desk, vulnerability and patch management teams, and risk owners for environments that depend on the product. This is especially important for organizations that must comply with CISA KEV remediation timelines.
Technical summary
The supplied corpus identifies CVE-2025-40536 as a security control bypass vulnerability in SolarWinds Web Help Desk. The CISA KEV entry does not provide exploit details in the supplied metadata, but it does confirm the vulnerability is known to be exploited and assigns a remediation due date of 2026-02-15. The severity score was not provided in the source material.
Defensive priority
Urgent. Because the vulnerability is in CISA’s KEV catalog, remediation should be prioritized over routine patch queues. The CISA due date in the supplied timeline is 2026-02-15.
Recommended defensive actions
- Review the SolarWinds security advisory and Web Help Desk 2026.1 release notes referenced by CISA for vendor-specific mitigation and remediation guidance.
- Apply vendor-recommended mitigations or updates as soon as possible.
- If mitigations are unavailable, discontinue use of the product until a safe remediation path is available.
- Confirm whether any instances of SolarWinds Web Help Desk are present in your environment, including test or forgotten deployments.
- Track remediation against the CISA KEV due date of 2026-02-15 and document completion for compliance purposes.
- If the product is used in a cloud context, follow applicable CISA BOD 22-01 guidance as referenced in the KEV entry.
Evidence notes
This debrief is based on the supplied CISA KEV source item and the official resource links listed with it. The source metadata identifies CVE-2025-40536 as a SolarWinds Web Help Desk security control bypass vulnerability, marks it as KEV-listed, and provides a remediation due date of 2026-02-15. No CVSS score or detailed exploit description was included in the supplied corpus, so those details are not asserted here.
Official resources
- CVE-2025-40536 CVE record (CVE.org)
- CVE-2025-40536 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Source item URL (cisa_kev)
CISA added CVE-2025-40536 to the Known Exploited Vulnerabilities catalog on 2026-02-12. The supplied CISA metadata lists a remediation due date of 2026-02-15 and recommends applying vendor mitigations, following applicable BOD 22-01 cloud-s