Critical SolarWinds Vulnerability Listed as Actively Exploited

Critical SolarWinds Vulnerability Listed as Actively Exploited

Posted on By CWS

Key Points

  • Critical SolarWinds vulnerability flagged by CISA.
  • Remote code execution risk through untrusted data deserialization.
  • Federal agencies mandated to patch by early February 2026.

Highlighting a Significant Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has drawn attention to a severe flaw in the SolarWinds Web Help Desk software. On Tuesday, the agency added this issue to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing its active exploitation in cyber attacks. The vulnerability, labeled CVE-2025-40551 with a CVSS score of 9.8, involves the deserialization of untrusted data, potentially allowing unauthorized remote code execution.

CISA has warned that this vulnerability could enable attackers to execute commands on compromised systems without requiring authentication. The urgency of addressing this flaw is underscored by its inclusion in the KEV catalog.

Response and Additional Vulnerabilities

In response to the identified threat, SolarWinds has released patches addressing this and several other vulnerabilities. Along with CVE-2025-40551, fixes were issued for CVE-2025-40536, CVE-2025-40537, CVE-2025-40552, CVE-2025-40553, and CVE-2025-40554, all affecting the Web Help Desk version 2026.1. Each of these vulnerabilities carries a high CVSS score, indicating significant risk.

Currently, there are no detailed reports on the specific methods of exploitation, targeted entities, or the scale of these attacks. However, the rapid exploitation of these vulnerabilities underscores the need for immediate action by organizations.

Broader Implications and Federal Response

Other vulnerabilities have also been added to the KEV catalog, reflecting the need for vigilance in addressing cybersecurity threats. These include CVE-2019-19006, CVE-2025-64328, and CVE-2021-39935, affecting various platforms like Sangoma FreePBX and GitLab.

Federal Civilian Executive Branch (FCEB) agencies have been instructed to rectify CVE-2025-40551 by February 6, 2026, with other patches required by February 24, 2026. This directive is part of a broader strategy to mitigate the risks associated with known vulnerabilities.

GreyNoise previously noted the exploitation of CVE-2021-39935, highlighting a trend in the abuse of server-side request forgery vulnerabilities across multiple platforms, including DotNetNuke and VMware vCenter.

Conclusion

The inclusion of these vulnerabilities in the KEV catalog reflects the ongoing threat landscape and the rapid pace at which threat actors exploit newly identified security flaws. Organizations must prioritize patching to protect their systems and data from unauthorized access and potential damage.

The Hacker News Tags:, , , , , , , , ,

Related Posts

Cybersecurity Focus Risks Overlooking Basics Cybersecurity Focus Risks Overlooking Basics The Hacker News
VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages The Hacker News
AI Enhances Cloud Breach Investigation Speed for SOC Teams AI Enhances Cloud Breach Investigation Speed for SOC Teams The Hacker News
Cisco Catalyst SD-WAN Flaw Exploited for Admin Access Cisco Catalyst SD-WAN Flaw Exploited for Admin Access The Hacker News
Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More The Hacker News
Linux AppArmor Vulnerabilities Risk Root Escalation Linux AppArmor Vulnerabilities Risk Root Escalation The Hacker News