SolarWinds Web Help Desk untrusted data deserialization RCE (CVE-2025-40551)
Vulnerability
Summary
Hide ▲
Show ▼
SolarWinds Web Help Desk CVE-2025-40551 is now confirmed actively exploited, putting unpatched systems at risk of remote command execution. The flaw is an untrusted data deserialization issue, and CISA told federal agencies to patch within three days. SolarWinds says Web Help Desk 2026.1 fixes the problem, while defenders are being urged to update as soon as possible.
Related Happenings
Sangoma FreePBX web shell exploitation wave (CVE-2025-64328)
Exploitation Wave
First: 27.02.2026 19:59
Last: 27.02.2026 19:59
Sources 1
About this happening:
More than **900 Sangoma FreePBX** instances remain **web-shell infected** after an **ongoing exploitation wave** tied to **CVE-2025-64328**. The affected systems span the **U.S.**...
Sangoma FreePBX web shell exploitation wave (CVE-2025-64328)
Exploitation WaveAbout this happening: More than **900 Sangoma FreePBX** instances remain **web-shell infected** after an **ongoing exploitation wave** tied to **CVE-2025-64328**. The affected systems span the **U.S.**...
CISA adds two Roundcube flaws to KEV catalog
Public Sector Action
First: 21.02.2026 09:21
Last: 21.02.2026 09:21
Sources 1
About this happening:
**CISA** added **two Roundcube webmail flaws** to the **KEV catalog** after citing **active exploitation**, increasing urgency for federal remediation. **CVE-2025-49113** is a **C...
CISA adds two Roundcube flaws to KEV catalog
Public Sector ActionAbout this happening: **CISA** added **two Roundcube webmail flaws** to the **KEV catalog** after citing **active exploitation**, increasing urgency for federal remediation. **CVE-2025-49113** is a **C...
CISA updates KEV entry for CVE-2026-1731
Public Sector Action
First: 20.02.2026 17:45
Last: 20.02.2026 17:45
Sources 1
About this happening:
**CISA** updated its **KEV catalog** entry for **CVE-2026-1731**, confirming the flaw has been used in **ransomware campaigns** and elevating its government-tracked risk. The upda...
CISA updates KEV entry for CVE-2026-1731
Public Sector ActionAbout this happening: **CISA** updated its **KEV catalog** entry for **CVE-2026-1731**, confirming the flaw has been used in **ransomware campaigns** and elevating its government-tracked risk. The upda...
SolarWinds Web Help Desk (WHD) multi-stage exploitation wave
Exploitation Wave
First: 09.02.2026 16:42
Last: 09.02.2026 16:42
Sources 1
How related:
The malicious activity was spotted over the weekend by researchers at Huntress Security, who believe that it is part of a campaign that started on January 16 and leveraged recently disclosed SolarWinds WHD flaws.
About this happening:
**SolarWinds Web Help Desk (WHD)** exploitation is a **multi-stage intrusion wave** affecting **internet-exposed WHD instances**. The foothold remains unconfirmed, but the wave is...
SolarWinds Web Help Desk (WHD) multi-stage exploitation wave
Exploitation WaveHow related: The malicious activity was spotted over the weekend by researchers at Huntress Security, who believe that it is part of a campaign that started on January 16 and leveraged recently disclosed SolarWinds WHD flaws.
About this happening: **SolarWinds Web Help Desk (WHD)** exploitation is a **multi-stage intrusion wave** affecting **internet-exposed WHD instances**. The foothold remains unconfirmed, but the wave is...
Latest development: 10.03.2026 08:17
CISA added CVE-2025-26399 in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation, said Microsoft and Huntress had reported threat actors using SolarWinds Web Help Desk flaws to obtain initial access, attributed the activity to the Warlock ransomware crew, and ordered Federal Civilian Executive Branch (FCEB) agencies to apply the fix by March 12, 2026.
BeyondTrust Remote Support and Privileged Remote Access pre-auth OS command injection (CVE-2026-1731)
Vulnerability
First: 09.02.2026 10:03
Last: 09.02.2026 10:03
Sources 1
About this happening:
**CVE-2026-1731** is a **critical pre-authentication OS command injection** in **BeyondTrust Remote Support** and **Privileged Remote Access** that can let an **unauthenticated at...
BeyondTrust Remote Support and Privileged Remote Access pre-auth OS command injection (CVE-2026-1731)
VulnerabilityAbout this happening: **CVE-2026-1731** is a **critical pre-authentication OS command injection** in **BeyondTrust Remote Support** and **Privileged Remote Access** that can let an **unauthenticated at...
Latest development: 09.02.2026 15:07
BeyondTrust secured all RS/PRA cloud systems by February 2, 2026 and directed on-premises customers to manually upgrade to Remote Support 25.3.2 or later and Privileged Remote Access 25.1.1 or later if automatic updates were not enabled.
Timeline
-
03.02.2026 21:37 2 articles · 3mo ago
SolarWinds releases Web Help Desk 2026.1 for CVE-2025-40551
Mitigation Patch UpdateSolarWinds releases Web Help Desk 2026.1 to fix the untrusted data deserialization flaw tracked as CVE-2025-40551, which could let unauthenticated attackers achieve remote command execution on unpatched devices. The same release also patches CVE-2025-40537, CVE-2025-40552, and CVE-2025-40554.
Show sources
- CISA flags critical SolarWinds RCE flaw as exploited in attacks — www.bleepingcomputer.com — 03.02.2026 21:37
- SolarWinds WHD Attacks Highlight Risks of Exposed Apps — www.darkreading.com — 11.02.2026 00:00
-
03.02.2026 21:37 2 articles · 3mo ago
CISA adds CVE-2025-40551 to exploited-in-the-wild catalog
Legal Policy Action UpdateCISA adds CVE-2025-40551 to its catalog of flaws exploited in the wild and gives Federal Civilian Executive Branch agencies three days to secure affected systems under Binding Operational Directive 22-01. CISA also urges all network defenders, including private-sector operators, to patch SolarWinds Web Help Desk as soon as possible because exploitation is ongoing.
Show sources
- CISA flags critical SolarWinds RCE flaw as exploited in attacks — www.bleepingcomputer.com — 03.02.2026 21:37
- CISA flags critical SolarWinds RCE flaw as exploited in attacks — www.bleepingcomputer.com — 03.02.2026 21:37