CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks.

The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is an untrusted data deserialization vulnerability that could pave the way for remote code execution.

“SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which could allow an attacker to run commands on the host machine,” CISA said. “This could be exploited without authentication.”
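The flaw class CISA describes, deserialization of untrusted data, is worth seeing in defensive form. The following is an added example written for this page; it is not SolarWinds code and does not model WHD itself (which is a Java application), but shows the same mitigation pattern in Python: an unpickler that only resolves an explicit allow-list of types, so serialized input naming any other class or function is rejected before it can be instantiated. `RestrictedUnpickler`, `TicketNote` and the sample payloads are constructed for the example.

```python
import builtins
import io
import pickle

# Constructed allow-list: the only types this hypothetical service expects
# to find inside a serialized message. Anything else is refused.
SAFE_BUILTINS = {
    "dict", "list", "tuple", "set", "frozenset",
    "str", "int", "float", "bool", "bytes", "NoneType",
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve globals outside the allow-list.

    pickle calls find_class() whenever the stream references a module-level
    name (a class or function). A stock Unpickler imports whatever is named;
    this subclass only returns allow-listed builtins and raises for the rest,
    so untrusted input cannot pull in arbitrary code paths.
    """

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global '{module}.{name}': not on allow-list"
        )


def safe_loads(data: bytes):
    """Deserialize untrusted bytes with the restricted unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class TicketNote:
    """Constructed stand-in for an application class that untrusted input
    should never be able to name or instantiate."""

    def __init__(self, text):
        self.text = text


def try_load(data: bytes):
    """Return ('ok', value) on success or ('rejected', reason) when the
    allow-list blocks the input. Keeps the failure mode explicit for logging."""
    try:
        return ("ok", safe_loads(data))
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


# Constructed sample inputs: a benign message made only of allow-listed types,
# and one that references an application class by module path.
def benign_payload() -> bytes:
    return pickle.dumps({"ticket": 42, "tags": ["network", "vpn"], "open": True})


def unexpected_class_payload() -> bytes:
    return pickle.dumps(TicketNote("should not be reconstructed"))


if __name__ == "__main__":
    print(try_load(benign_payload()))            # ('ok', {...})
    print(try_load(unexpected_class_payload()))  # ('rejected', "refusing to resolve global ...")
```

The allow-list is deliberately small; the usual advice for a service that only needs plain records is to avoid native serialization formats entirely and use a data-only format such as JSON, with the restricted loader as a containment measure where a native format cannot be removed.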

SolarWinds issued fixes for the flaw last week, alongside CVE-2025-40536 (CVSS score: 8.1), CVE-2025-40537 (CVSS score: 7.5), CVE-2025-40552 (CVSS score: 9.8), CVE-2025-40553 (CVSS score: 9.8), and CVE-2025-40554 (CVSS score: 9.8), in WHD version 2026.1.

There are currently no public reports about how the vulnerability is being weaponized in attacks, who the targets may be, or the scale of such efforts. It's the latest illustration of how quickly threat actors are moving to exploit newly disclosed flaws.


Also added to the KEV catalog are three other vulnerabilities –

  • CVE-2019-19006 (CVSS score: 9.8) – An improper authentication vulnerability in Sangoma FreePBX that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX administrator
  • CVE-2025-64328 (CVSS score: 8.6) – An operating system command injection vulnerability in Sangoma FreePBX that could allow for a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function and potentially gain remote access to the system as the asterisk user
  • CVE-2021-39935 (CVSS score: 7.5/6.8) – A server-side request forgery (SSRF) vulnerability in GitLab Community and Enterprise Editions that could allow unauthorized external users to perform server-side requests via the CI Lint API

It's worth noting that the exploitation of CVE-2021-39935 was highlighted by GreyNoise in March 2025, as part of a coordinated surge in the abuse of SSRF vulnerabilities across multiple platforms, including DotNetNuke, Zimbra Collaboration Suite, Broadcom VMware vCenter, ColumbiaSoft DocumentLocator, BerriAI LiteLLM, and Ivanti Connect Secure.


Federal Civilian Executive Branch (FCEB) agencies are required to fix CVE-2025-40551 by February 6, 2026, and the rest by February 24, 2026, pursuant to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities.
