AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesFebruary 11, 2026CVE-2025-40536

Summary

SolarWinds Web Help Desk has a security control bypass vulnerability (a weakness that lets attackers skip security checks) that could allow someone without login credentials to access restricted features. This vulnerability is actively being exploited by real attackers.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 68.1%

Exploit Maturity

🔥 Actively Exploited

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-693

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-40536

First tracked: February 12, 2026 at 03:44 PM

Classified by LLM (prompt v3) · confidence: 95%