Critical SolarWinds Vulnerability Listed as Actively Exploited

Critical SolarWinds Vulnerability Listed as Actively Exploited

Posted on By CWS

Key Points

  • Critical SolarWinds vulnerability flagged by CISA.
  • Remote code execution risk through untrusted data deserialization.
  • Federal agencies mandated to patch by early February 2026.

Highlighting a Significant Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has drawn attention to a severe flaw in the SolarWinds Web Help Desk software. On Tuesday, the agency added this issue to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing its active exploitation in cyber attacks. The vulnerability, labeled CVE-2025-40551 with a CVSS score of 9.8, involves the deserialization of untrusted data, potentially allowing unauthorized remote code execution.

CISA has warned that this vulnerability could enable attackers to execute commands on compromised systems without requiring authentication. The urgency of addressing this flaw is underscored by its inclusion in the KEV catalog.

Response and Additional Vulnerabilities

In response to the identified threat, SolarWinds has released patches addressing this and several other vulnerabilities. Along with CVE-2025-40551, fixes were issued for CVE-2025-40536, CVE-2025-40537, CVE-2025-40552, CVE-2025-40553, and CVE-2025-40554, all affecting the Web Help Desk version 2026.1. Each of these vulnerabilities carries a high CVSS score, indicating significant risk.

Currently, there are no detailed reports on the specific methods of exploitation, targeted entities, or the scale of these attacks. However, the rapid exploitation of these vulnerabilities underscores the need for immediate action by organizations.

Broader Implications and Federal Response

Other vulnerabilities have also been added to the KEV catalog, reflecting the need for vigilance in addressing cybersecurity threats. These include CVE-2019-19006, CVE-2025-64328, and CVE-2021-39935, affecting various platforms like Sangoma FreePBX and GitLab.

Federal Civilian Executive Branch (FCEB) agencies have been instructed to rectify CVE-2025-40551 by February 6, 2026, with other patches required by February 24, 2026. This directive is part of a broader strategy to mitigate the risks associated with known vulnerabilities.

GreyNoise previously noted the exploitation of CVE-2021-39935, highlighting a trend in the abuse of server-side request forgery vulnerabilities across multiple platforms, including DotNetNuke and VMware vCenter.

Conclusion

The inclusion of these vulnerabilities in the KEV catalog reflects the ongoing threat landscape and the rapid pace at which threat actors exploit newly identified security flaws. Organizations must prioritize patching to protect their systems and data from unauthorized access and potential damage.

The Hacker News Tags:, , , , , , , , ,

Related Posts

Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat The Hacker News
CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation The Hacker News
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass The Hacker News
Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs The Hacker News
PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks The Hacker News
Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation The Hacker News