Critical SolarWinds Vulnerability Listed as Actively Exploited

Critical SolarWinds Vulnerability Listed as Actively Exploited

Posted on By CWS

Key Points

  • Critical SolarWinds vulnerability flagged by CISA.
  • Remote code execution risk through untrusted data deserialization.
  • Federal agencies mandated to patch by early February 2026.

Highlighting a Significant Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has drawn attention to a severe flaw in the SolarWinds Web Help Desk software. On Tuesday, the agency added this issue to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing its active exploitation in cyber attacks. The vulnerability, labeled CVE-2025-40551 with a CVSS score of 9.8, involves the deserialization of untrusted data, potentially allowing unauthorized remote code execution.

CISA has warned that this vulnerability could enable attackers to execute commands on compromised systems without requiring authentication. The urgency of addressing this flaw is underscored by its inclusion in the KEV catalog.

Response and Additional Vulnerabilities

In response to the identified threat, SolarWinds has released patches addressing this and several other vulnerabilities. Along with CVE-2025-40551, fixes were issued for CVE-2025-40536, CVE-2025-40537, CVE-2025-40552, CVE-2025-40553, and CVE-2025-40554, all affecting the Web Help Desk version 2026.1. Each of these vulnerabilities carries a high CVSS score, indicating significant risk.

Currently, there are no detailed reports on the specific methods of exploitation, targeted entities, or the scale of these attacks. However, the rapid exploitation of these vulnerabilities underscores the need for immediate action by organizations.

Broader Implications and Federal Response

Other vulnerabilities have also been added to the KEV catalog, reflecting the need for vigilance in addressing cybersecurity threats. These include CVE-2019-19006, CVE-2025-64328, and CVE-2021-39935, affecting various platforms like Sangoma FreePBX and GitLab.

Federal Civilian Executive Branch (FCEB) agencies have been instructed to rectify CVE-2025-40551 by February 6, 2026, with other patches required by February 24, 2026. This directive is part of a broader strategy to mitigate the risks associated with known vulnerabilities.

GreyNoise previously noted the exploitation of CVE-2021-39935, highlighting a trend in the abuse of server-side request forgery vulnerabilities across multiple platforms, including DotNetNuke and VMware vCenter.

Conclusion

The inclusion of these vulnerabilities in the KEV catalog reflects the ongoing threat landscape and the rapid pace at which threat actors exploit newly identified security flaws. Organizations must prioritize patching to protect their systems and data from unauthorized access and potential damage.

The Hacker News Tags:, , , , , , , , ,

Related Posts

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens The Hacker News
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts The Hacker News
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls The Hacker News
Google Patches 120 Flaws, Including Two Zero-Days Under Attack Google Patches 120 Flaws, Including Two Zero-Days Under Attack The Hacker News
CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git The Hacker News
Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access The Hacker News