
"Tracked as CVE-2025-40551 (CVSS score of 9.8), the bug affects SolarWinds Web Help Desk (WHD), the ticketing system, service, and asset management solution that has long been a preferred target for hackers. The fresh flaw is described as an untrusted data deserialization issue that can be exploited without authentication for remote code execution (RCE). CVE-2025-40551 exists in AjaxProxy functionality due to improper sanitization of requests and the bypass of a blocklist function."
"Last week, SolarWinds rolled out WHD version 2026.1 with patches for this vulnerability and five other issues, but made no mention of any of them being exploited in attacks. On Tuesday, CISA added CVE-2025-40551 to its Known Exploited Vulnerabilities (KEV) catalog, confirming in-the-wild exploitation and urging federal agencies to patch it within three days, which underlines the high risk the flaw poses."
"The GitLab bug, tracked as CVE-2021-39935, is a medium-severity issue allowing authenticated attackers to mount SSRF attacks via the CI Lint API. It was patched in December 2021 in GitLab CE/EE versions 14.3.6, 14.4.4, and 14.5.2. The Sangoma FreePBX issues newly added to KEV, however, tracked as CVE-2019-19006 and CVE-2025-64328, were flagged as exploited in attacks before. In November 2020, Check Point warned that the hacking group tracked as INJ3CTOR3 had been exploiting CVE-2019-19006."
CVE-2025-40551 is a critical (CVSS 9.8) unauthenticated untrusted data deserialization vulnerability in SolarWinds Web Help Desk (WHD) that enables remote code execution via AjaxProxy due to improper request sanitization and a bypassable blocklist. SolarWinds released WHD 2026.1 with patches for this flaw and five other issues. CISA added CVE-2025-40551 to its Known Exploited Vulnerabilities catalog, confirmed in-the-wild exploitation, and ordered federal agencies to patch within three days. CISA also added a GitLab SSRF issue (CVE-2021-39935) and two Sangoma FreePBX flaws (CVE-2019-19006, CVE-2025-64328), with the Sangoma issues previously observed exploited by threat actors.
Read at SecurityWeek