{"id":209834,"date":"2026-02-04T00:50:00","date_gmt":"2026-02-04T05:50:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/04\/cisa-adds-actively-exploited-solarwinds-web-help-desk-rce-to-kev-catalog\/"},"modified":"2026-02-04T05:05:09","modified_gmt":"2026-02-04T10:05:09","slug":"cisa-adds-actively-exploited-solarwinds-web-help-desk-rce-to-kev-catalog","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/04\/cisa-adds-actively-exploited-solarwinds-web-help-desk-rce-to-kev-catalog\/","title":{"rendered":"CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/02\/cisa-adds-actively-exploited-solarwinds.html\">CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/02\/cisa-adds-actively-exploited-solarwinds.html\">https:\/\/thehackernews.com\/2026\/02\/cisa-adds-actively-exploited-solarwinds.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-04 00:50:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">Feb 04, 2026<\/span><\/span><span class=\"p-tags\">Software Security \/ Vulnerability<\/span><\/p>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks.<\/p>\n<p>The vulnerability, tracked as <strong>CVE-2025-40551<\/strong> (CVSS score: 9.8), is a untrusted data deserialization vulnerability that could pave the way for remote code execution.<\/p>\n<p>&#8220;SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine,&#8221; CISA said. &#8220;This could be exploited without authentication.&#8221;<\/p>\n<p>SolarWinds issued fixes for the flaw last week, along with CVE-2025-40536 (CVSS score: 8.1), CVE-2025-40537 (CVSS score: 7.5), CVE-2025-40552 (CVSS score: 9.8), CVE-2025-40553 (CVSS score: 9.8), and CVE-2025-40554 (CVSS score: 9.8), in WHD version 2026.1.<\/p>\n<p>There are currently no public reports about how the vulnerability is being weaponized in attacks, who may be the targets, or the scale of such efforts. It&#8217;s the latest illustration of how quickly threat actors are moving to exploit newly disclosed flaws.<\/p>\n<p>Also added to the KEV catalog are three other vulnerabilities &#8211;<\/p>\n<ul>\n<li><strong>CVE-2019-19006<\/strong> (CVSS score: 9.8) &#8211; An improper authentication vulnerability in Sangoma FreePBX that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX administrator<\/li>\n<li><strong>CVE-2025-64328<\/strong> (CVSS score: 8.6) &#8211; An operating system command injection vulnerability in Sangoma FreePBX that could allow for a post-authentication command injection by an authenticated known user via the testconnection &#8211; check_ssh_connect() function and potentially obtain remote access to the system as an asterisk user<\/li>\n<li><strong>CVE-2021-39935<\/strong> (CVSS score: 7.5\/6.8) &#8211; A server-side request forgery (SSRF) vulnerability in GitLab Community and Enterprise&#8230;<\/li>\n<\/ul>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/02\/cisa-adds-actively-exploited-solarwinds.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog https:\/\/thehackernews.com\/2026\/02\/cisa-adds-actively-exploited-solarwinds.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":209835,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiXYyskJSpKQz4MscPjTNveStRrjYgHDTsZffWZld_xrrWTRQzAJC52KvI8uTEhbysHizeZ14HTRrrlbpxTjUUMIMnwPqYBBVu_FgJcIWtw1r-fWL3RHz-pzr-eSX-6bmL3N7ZO30ZCSLoYkzAOWTBrnQd0NXFBHyZWlJ-ib9ghgCNbeXbdiYUYFSu7dss5\/s1600\/solarwinds-exploit.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-209834","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209834"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=209834"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209834\/revisions"}],"predecessor-version":[{"id":209836,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209834\/revisions\/209836"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/209835"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=209834"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=209834"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=209834"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}