Ethical Hacking News
A critical vulnerability in SolarWinds Web Help Desk has been added to the Known Exploited Vulnerabilities (KEV) catalog by CISA. This untrusted data deserialization vulnerability could pave the way for remote code execution, allowing an attacker to run commands on the host machine without authentication. Learn more about this critical security flaw and how you can protect your organization from it.
The SolarWinds Web Help Desk (WHD) has a critical untrusted data deserialization vulnerability that could lead to remote code execution. The vulnerability, CVE-2025-40551, has a CVSS score of 9.8 and was added to the Known Exploited Vulnerabilities (KEV) catalog by CISA. Other vulnerabilities in Sangoma FreePBX and GitLab have also been added to the KEV catalog. Federal Civilian Executive Branch (FCEB) agencies must fix CVE-2025-40551 by February 6, 2026, with the rest by February 24, 2026. Organizations should ensure software is up-to-date and patched, implement robust security measures, conduct regular vulnerability assessments, and provide timely security training to employees.
The recent addition of a critical security flaw impacting SolarWinds Web Help Desk (WHD) to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has sent shockwaves throughout the cybersecurity community. This vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is an untrusted data deserialization vulnerability that could pave the way for remote code execution, allowing an attacker to run commands on the host machine without authentication.
According to CISA, SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution. This means that an attacker could potentially exploit this vulnerability to gain unauthorized access to sensitive information or take control of the system altogether. The fact that there are currently no public reports about how the vulnerability is being weaponized in attacks, who may be the targets, or the scale of such efforts only adds to the sense of unease and urgency.
The SolarWinds Web Help Desk (WHD) is a popular tool used by many organizations for their IT management needs. However, this critical security flaw highlights the importance of keeping software up-to-date and using reputable sources for security patches. The fact that WHD had multiple vulnerabilities added to its list in recent times demonstrates how quickly threat actors are moving to exploit newly disclosed flaws.
The vulnerability is not an isolated incident. CISA has added three other vulnerabilities to its KEV catalog, including:
* CVE-2019-19006 (CVSS score: 9.8) - An improper authentication vulnerability in Sangoma FreePBX that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX administrator
* CVE-2025-64328 (CVSS score: 8.6) - An operating system command injection vulnerability in Sangoma FreePBX that could allow an authenticated known user to perform a post-authentication command injection via the testconnection -> check_ssh_connect() function and potentially obtain remote access to the system as an asterisk user
* CVE-2021-39935 (CVSS score: 7.5/6.8) - A server-side request forgery (SSRF) vulnerability in GitLab Community and Enterprise Editions that could allow unauthorized external users to perform Server Side Requests via the CI Lint API
The exploitation of CVE-2021-39935 was highlighted by GreyNoise in March 2025, as part of a coordinated surge in the abuse of SSRF vulnerabilities in multiple platforms. This highlights the need for organizations to stay vigilant and proactive when it comes to identifying and mitigating security risks.
Federal Civilian Executive Branch (FCEB) agencies are required to fix CVE-2025-40551 by February 6, 2026, and the rest by February 24, 2026, pursuant to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities.
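As an added example (not part of the original article and not CISA tooling), the sketch below matches an asset inventory against the four KEV entries named above and reports the days remaining to each BOD 22-01 due date. The field names `cveID`, `vendorProject`, `product` and `dueDate` follow CISA's KEV JSON feed; the hosts, the `patched` sets and the vendor/product strings are constructed assumptions.

```python
from datetime import date

# Constructed records in the KEV JSON field layout; the CVE IDs and due
# dates are the ones stated in the article, the name strings are assumed.
KEV_ENTRIES = [
    {"cveID": "CVE-2025-40551", "vendorProject": "SolarWinds",
     "product": "Web Help Desk", "dueDate": "2026-02-06"},
    {"cveID": "CVE-2019-19006", "vendorProject": "Sangoma",
     "product": "FreePBX", "dueDate": "2026-02-24"},
    {"cveID": "CVE-2025-64328", "vendorProject": "Sangoma",
     "product": "FreePBX", "dueDate": "2026-02-24"},
    {"cveID": "CVE-2021-39935", "vendorProject": "GitLab",
     "product": "GitLab", "dueDate": "2026-02-24"},
]

# Constructed inventory: hypothetical hosts, with the CVEs already fixed on each.
INVENTORY = [
    {"host": "helpdesk01", "vendor": "solarwinds",
     "product": "web  help desk", "patched": set()},
    {"host": "pbx-east", "vendor": "Sangoma",
     "product": "FreePBX", "patched": {"CVE-2019-19006"}},
    {"host": "wiki01", "vendor": "Example", "product": "Wiki", "patched": set()},
]

def norm(name):
    """Case- and whitespace-insensitive key for vendor/product names."""
    return " ".join(name.lower().split())

def triage(inventory, kev, today):
    """Return (host, cve, status, days_left) for unpatched KEV matches,
    most urgent first. Exact name matching is a simplification; a real
    inventory would need CPE or vendor-alias mapping."""
    findings = []
    for asset in inventory:
        key = (norm(asset["vendor"]), norm(asset["product"]))
        for entry in kev:
            if key != (norm(entry["vendorProject"]), norm(entry["product"])):
                continue
            if entry["cveID"] in asset["patched"]:
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            status = "OVERDUE" if days_left < 0 else "DUE"
            findings.append((asset["host"], entry["cveID"], status, days_left))
    return sorted(findings, key=lambda f: f[3])

if __name__ == "__main__":
    for row in triage(INVENTORY, KEV_ENTRIES, date(2026, 2, 4)):
        print(*row)
```
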
In light of this critical security flaw and its accompanying vulnerabilities, it is essential for organizations to take immediate action. This includes:
* Ensuring that all software, including WHD, is up-to-date and patched
* Implementing robust security measures, such as multi-factor authentication and intrusion detection systems
* Conducting regular vulnerability assessments and penetration testing to identify potential weaknesses
* Providing timely and effective security training to employees
The SolarWinds Web Help Desk vulnerability serves as a stark reminder of the ever-evolving threat landscape we inhabit. As threat actors continue to exploit newly disclosed flaws, it is crucial for organizations to remain vigilant and proactive in their pursuit of cybersecurity.
In conclusion, the addition of CVE-2025-40551 (CVSS score: 9.8) to the KEV catalog highlights the critical need for organizations to prioritize security patching and vulnerability mitigation. By taking immediate action and staying vigilant, we can minimize the risk of falling victim to this exploit.
Related Information:
https://www.ethicalhackingnews.com/articles/The-SolarWinds-Web-Help-Desk-Vulnerability-A-Critical-Expos-of-the-Unseen-Threat-ehn.shtml
https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html
https://securityaffairs.com/187592/security/u-s-cisa-adds-solarwinds-web-help-desk-sangoma-freepbx-and-gitlab-flaws-to-its-known-exploited-vulnerabilities-catalog.html
https://nvd.nist.gov/vuln/detail/CVE-2025-40551
https://www.cvedetails.com/cve/CVE-2025-40551/
https://nvd.nist.gov/vuln/detail/CVE-2019-19006
https://www.cvedetails.com/cve/CVE-2019-19006/
https://nvd.nist.gov/vuln/detail/CVE-2025-64328
https://www.cvedetails.com/cve/CVE-2025-64328/
https://nvd.nist.gov/vuln/detail/CVE-2021-39935
https://www.cvedetails.com/cve/CVE-2021-39935/
https://www.greynoise.io/
https://www.pcworld.com/article/2997319/is-your-pc-secretly-trapped-in-a-botnet-this-free-tool-checks-instantly.html
https://www.cybersecuritydive.com/news/thousands-asus-routers-compromised-hacking/749259/
Published: Wed Feb 4 07:41:40 2026 by llama3.2 3B Q4_K_M