id: CVE-2025-40536 info: name: SolarWinds Web Help Desk < 12.8.8 Hotfix 1 (HF1) - Security Control Bypass author: inokii severity: high description: | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. impact: | Attackers can gain access to certain restricted functionality. remediation: | Apply the available 12.8.8 Hotfix 1 (HF1) or upgrade to version 2026.1. reference: - https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40536 - https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm - https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/ classification: cve-id: CVE-2025-40536 epss-score: 0.67487 epss-percentile: 0.9859 cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cwe-id: CWE-693 cpe: cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: solarwinds product: web_help_desk shodan-query: http.favicon.hash:"1895809524" tags: cve,cve2025,solarwinds,webhelpdesk,kev,vkev,passive http: - method: GET path: - "{{BaseURL}}/helpdesk/WebObjects/Helpdesk.woa" host-redirects: true max-redirects: 2 extractors: - type: regex name: build_token part: body group: 1 regex: - "\\?v=([0-9]+_[0-9]+_[0-9]+_[0-9]+)" internal: true - type: dsl name: version dsl: - "replace(build_token, '_', '.')" matchers-condition: and matchers: - type: word words: - "Web Help Desk Software" - "SolarWinds WorldWide" - "/WebObjects/Helpdesk.woa" condition: or - type: dsl dsl: - "compare_versions(version, '< 12.8.8.2585')" # digest: 4b0a004830460221008e160f11a95dbf60fdb37ca1b8424ff3017bf143887692fc24c4c6c8a109340b022100c176b8643e8110cfda400ddba03a6e053dc4bdf8ede3d8ef784be1b5be1cadf8:922c64590222798bb761d5b6d8e72950