PT-2026-5071 · SolarWinds · SolarWinds Web Help Desk

Published: 2026-01-28 · Updated: 2026-02-23 · CVE-2025-40536

CVSS v3.1: 9.8 Critical · AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SolarWinds Web Help Desk versions prior to 12.8.8 Hotfix 1 (HF1)

Description

SolarWinds Web Help Desk is susceptible to a security control bypass. Successful exploitation could allow an unauthenticated attacker to gain access to restricted functionality. This issue is actively being exploited and has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog. Reports indicate potential Remote Code Execution (RCE) exploits, identified as Trojan:Win32/HijackWebHelpDesk.A. The vulnerability involves a bypass of data protection mechanisms, potentially allowing an attacker to elevate privileges.

Recommendations

Versions prior to 12.8.8 Hotfix 1 (HF1) should be updated to 12.8.8 Hotfix 1 (HF1) or a later version.

Fix

RCE

Protection Mechanism Failure

Weakness Enumeration

Related Identifiers

BDU:2026-00930
CVE-2025-40536

Affected Products

SolarWinds Web Help Desk