Critical SolarWinds Vulnerability Listed as Actively Exploited

Critical SolarWinds Vulnerability Listed as Actively Exploited

Posted on By CWS

Key Points

  • Critical SolarWinds vulnerability flagged by CISA.
  • Remote code execution risk through untrusted data deserialization.
  • Federal agencies mandated to patch by early February 2026.

Highlighting a Significant Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has drawn attention to a severe flaw in the SolarWinds Web Help Desk software. On Tuesday, the agency added this issue to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing its active exploitation in cyber attacks. The vulnerability, labeled CVE-2025-40551 with a CVSS score of 9.8, involves the deserialization of untrusted data, potentially allowing unauthorized remote code execution.

CISA has warned that this vulnerability could enable attackers to execute commands on compromised systems without requiring authentication. The urgency of addressing this flaw is underscored by its inclusion in the KEV catalog.

Response and Additional Vulnerabilities

In response to the identified threat, SolarWinds has released patches addressing this and several other vulnerabilities. Along with CVE-2025-40551, fixes were issued for CVE-2025-40536, CVE-2025-40537, CVE-2025-40552, CVE-2025-40553, and CVE-2025-40554, all affecting the Web Help Desk version 2026.1. Each of these vulnerabilities carries a high CVSS score, indicating significant risk.

Currently, there are no detailed reports on the specific methods of exploitation, targeted entities, or the scale of these attacks. However, the rapid exploitation of these vulnerabilities underscores the need for immediate action by organizations.

Broader Implications and Federal Response

Other vulnerabilities have also been added to the KEV catalog, reflecting the need for vigilance in addressing cybersecurity threats. These include CVE-2019-19006, CVE-2025-64328, and CVE-2021-39935, affecting various platforms like Sangoma FreePBX and GitLab.

Federal Civilian Executive Branch (FCEB) agencies have been instructed to rectify CVE-2025-40551 by February 6, 2026, with other patches required by February 24, 2026. This directive is part of a broader strategy to mitigate the risks associated with known vulnerabilities.

GreyNoise previously noted the exploitation of CVE-2021-39935, highlighting a trend in the abuse of server-side request forgery vulnerabilities across multiple platforms, including DotNetNuke and VMware vCenter.

Conclusion

The inclusion of these vulnerabilities in the KEV catalog reflects the ongoing threat landscape and the rapid pace at which threat actors exploit newly identified security flaws. Organizations must prioritize patching to protect their systems and data from unauthorized access and potential damage.

The Hacker News Tags:, , , , , , , , ,

Related Posts

Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware The Hacker News
Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers The Hacker News
Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool The Hacker News
New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands The Hacker News
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems The Hacker News
Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution The Hacker News