Critical SolarWinds Vulnerability Listed as Actively Exploited

Critical SolarWinds Vulnerability Listed as Actively Exploited

Posted on By CWS

Key Points

  • Critical SolarWinds vulnerability flagged by CISA.
  • Remote code execution risk through untrusted data deserialization.
  • Federal agencies mandated to patch by early February 2026.

Highlighting a Significant Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has drawn attention to a severe flaw in the SolarWinds Web Help Desk software. On Tuesday, the agency added this issue to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing its active exploitation in cyber attacks. The vulnerability, labeled CVE-2025-40551 with a CVSS score of 9.8, involves the deserialization of untrusted data, potentially allowing unauthorized remote code execution.

CISA has warned that this vulnerability could enable attackers to execute commands on compromised systems without requiring authentication. The urgency of addressing this flaw is underscored by its inclusion in the KEV catalog.

Response and Additional Vulnerabilities

In response to the identified threat, SolarWinds has released patches addressing this and several other vulnerabilities. Along with CVE-2025-40551, fixes were issued for CVE-2025-40536, CVE-2025-40537, CVE-2025-40552, CVE-2025-40553, and CVE-2025-40554, all affecting the Web Help Desk version 2026.1. Each of these vulnerabilities carries a high CVSS score, indicating significant risk.

Currently, there are no detailed reports on the specific methods of exploitation, targeted entities, or the scale of these attacks. However, the rapid exploitation of these vulnerabilities underscores the need for immediate action by organizations.

Broader Implications and Federal Response

Other vulnerabilities have also been added to the KEV catalog, reflecting the need for vigilance in addressing cybersecurity threats. These include CVE-2019-19006, CVE-2025-64328, and CVE-2021-39935, affecting various platforms like Sangoma FreePBX and GitLab.

Federal Civilian Executive Branch (FCEB) agencies have been instructed to rectify CVE-2025-40551 by February 6, 2026, with other patches required by February 24, 2026. This directive is part of a broader strategy to mitigate the risks associated with known vulnerabilities.

GreyNoise previously noted the exploitation of CVE-2021-39935, highlighting a trend in the abuse of server-side request forgery vulnerabilities across multiple platforms, including DotNetNuke and VMware vCenter.

Conclusion

The inclusion of these vulnerabilities in the KEV catalog reflects the ongoing threat landscape and the rapid pace at which threat actors exploit newly identified security flaws. Organizations must prioritize patching to protect their systems and data from unauthorized access and potential damage.

The Hacker News Tags:, , , , , , , , ,

Related Posts

GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials The Hacker News
How to Assess and Choose the Right AI-SOC Platform How to Assess and Choose the Right AI-SOC Platform The Hacker News
Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC The Hacker News
Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit The Hacker News
AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto The Hacker News
DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown The Hacker News