SolarWinds Web Help Desk untrusted data deserialization RCE (CVE-2025-40551)
Vulnerability
Summary
Hide ▲
Show ▼
SolarWinds Web Help Desk CVE-2025-40551 is now confirmed actively exploited, putting unpatched systems at risk of remote command execution. The flaw is an untrusted data deserialization issue, and CISA told federal agencies to patch within three days. SolarWinds says Web Help Desk 2026.1 fixes the problem, while defenders are being urged to update as soon as possible.
Related Happenings
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/Mitigation
H score52
First: 06.06.2026 11:14
Last: 06.06.2026 11:14
Sources 1
About this happening:
**SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/MitigationAbout this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
CISA KEV order for SolarWinds Serv-U CVE-2026-28318
Public Sector Action
H score50
First: 06.06.2026 11:14
Last: 06.06.2026 11:14
Sources 1
About this happening:
**CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...
CISA KEV order for SolarWinds Serv-U CVE-2026-28318
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...
Sangoma FreePBX web shell exploitation wave (CVE-2025-64328)
Exploitation Wave
H score41
First: 27.02.2026 19:59
Last: 27.02.2026 19:59
Sources 1
About this happening:
More than **900 Sangoma FreePBX** instances remain **web-shell infected** after an **ongoing exploitation wave** tied to **CVE-2025-64328**. The affected systems span the **U.S.**...
Sangoma FreePBX web shell exploitation wave (CVE-2025-64328)
Exploitation WaveAbout this happening: More than **900 Sangoma FreePBX** instances remain **web-shell infected** after an **ongoing exploitation wave** tied to **CVE-2025-64328**. The affected systems span the **U.S.**...
CISA adds two Roundcube flaws to KEV catalog
Public Sector Action
H score49
First: 21.02.2026 09:21
Last: 21.02.2026 09:21
Sources 1
About this happening:
**CISA** added **two Roundcube webmail flaws** to the **KEV catalog** after citing **active exploitation**, increasing urgency for federal remediation. **CVE-2025-49113** is a **C...
CISA adds two Roundcube flaws to KEV catalog
Public Sector ActionAbout this happening: **CISA** added **two Roundcube webmail flaws** to the **KEV catalog** after citing **active exploitation**, increasing urgency for federal remediation. **CVE-2025-49113** is a **C...
CISA updates KEV entry for CVE-2026-1731
Public Sector Action
H score36
First: 20.02.2026 17:45
Last: 20.02.2026 17:45
Sources 1
About this happening:
**CISA** updated its **KEV catalog** entry for **CVE-2026-1731**, confirming the flaw has been used in **ransomware campaigns** and elevating its government-tracked risk. The upda...
CISA updates KEV entry for CVE-2026-1731
Public Sector ActionAbout this happening: **CISA** updated its **KEV catalog** entry for **CVE-2026-1731**, confirming the flaw has been used in **ransomware campaigns** and elevating its government-tracked risk. The upda...
Timeline
-
03.02.2026 21:37 2 articles · 5mo ago
SolarWinds releases Web Help Desk 2026.1 for CVE-2025-40551
Mitigation Patch UpdateSolarWinds releases Web Help Desk 2026.1 to fix the untrusted data deserialization flaw tracked as CVE-2025-40551, which could let unauthenticated attackers achieve remote command execution on unpatched devices. The same release also patches CVE-2025-40537, CVE-2025-40552, and CVE-2025-40554.
Show sources
- CISA flags critical SolarWinds RCE flaw as exploited in attacks — www.bleepingcomputer.com — 03.02.2026 21:37
- SolarWinds WHD Attacks Highlight Risks of Exposed Apps — www.darkreading.com — 11.02.2026 00:00
-
03.02.2026 21:37 2 articles · 5mo ago
CISA adds CVE-2025-40551 to exploited-in-the-wild catalog
Legal Policy Action UpdateCISA adds CVE-2025-40551 to its catalog of flaws exploited in the wild and gives Federal Civilian Executive Branch agencies three days to secure affected systems under Binding Operational Directive 22-01. CISA also urges all network defenders, including private-sector operators, to patch SolarWinds Web Help Desk as soon as possible because exploitation is ongoing.
Show sources
- CISA flags critical SolarWinds RCE flaw as exploited in attacks — www.bleepingcomputer.com — 03.02.2026 21:37
- CISA flags critical SolarWinds RCE flaw as exploited in attacks — www.bleepingcomputer.com — 03.02.2026 21:37