Threat actors are exploiting a critical-severity SolarWinds vulnerability that was patched last week, the US cybersecurity agency CISA warns.
Tracked as CVE-2025-40551 (CVSS score of 9.8), the bug affects SolarWinds Web Help Desk (WHD), the ticketing system, service, and asset management solution that has long been a preferred target for hackers.
The fresh flaw is described as an untrusted data deserialization issue that can be exploited without authentication for remote code execution (RCE).
CVE-2025-40551 resides in the AjaxProxy component: requests reaching it are not properly sanitized, and a blocklist check that is supposed to stop hostile deserialization input can be bypassed. Earlier AjaxProxy security defects were exploited the same way.
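Why a blocklist in front of a deserializer keeps getting bypassed, as an added illustration that is not SolarWinds code: WHD is a Java product and its AjaxProxy filter is not reproduced on this page, so the example uses Python's pickle as a stand-in. The attacker payloads, the Ticket type and the deny/allow sets are all constructed here for the demonstration.

```python
"""Blocklist vs allowlist filtering of untrusted serialized input (constructed example)."""
import builtins
import io
import os
import pickle


class _Gadget:
    """Constructed attacker object: when loaded, the deserializer calls func(*args)."""

    def __init__(self, func, args):
        self.func, self.args = func, args

    def __reduce__(self):
        # This is the generic "call a global" gadget; the filter only ever sees
        # the (module, name) pair of func, which is what it must judge.
        return (self.func, self.args)


class Ticket:
    """Hypothetical legitimate object the service expects to receive."""

    def __init__(self, ticket_id, subject):
        self.ticket_id, self.subject = ticket_id, subject


# Constructed sample inputs.  GADGET_SYSTEM is the gadget every blocklist
# knows about; GADGET_EVAL reaches the same goal through a sink the list omits.
GADGET_SYSTEM = pickle.dumps(_Gadget(os.system, ("echo should-never-run",)))
GADGET_EVAL = pickle.dumps(_Gadget(builtins.eval, ("6 * 7",)))
LEGIT_TICKET = pickle.dumps(Ticket(42, "printer offline"))


class BlocklistUnpickler(pickle.Unpickler):
    """Denies a hand-maintained set of known-bad globals and resolves everything else."""

    DENY = {
        ("os", "system"), ("posix", "system"), ("nt", "system"),
        ("subprocess", "Popen"), ("subprocess", "check_output"),
    }

    def find_class(self, module, name):
        if (module, name) in self.DENY:
            raise pickle.UnpicklingError(f"blocked: {module}.{name}")
        return super().find_class(module, name)


class AllowlistUnpickler(pickle.Unpickler):
    """Resolves only the types the application actually exchanges; everything else fails closed."""

    ALLOW = {(__name__, "Ticket")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOW:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"not allowed: {module}.{name}")


def load_with(unpickler_cls, data):
    """Deserialize `data` through `unpickler_cls`; return ('ok', obj) or ('rejected', reason)."""
    try:
        return "ok", unpickler_cls(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return "rejected", str(exc)


def filter_matrix():
    """Run every payload through both filters; the blocklist's 'ok' on GADGET_EVAL is the bypass."""
    payloads = {"system": GADGET_SYSTEM, "eval": GADGET_EVAL, "ticket": LEGIT_TICKET}
    return {
        flt.__name__: {label: load_with(flt, data)[0] for label, data in payloads.items()}
        for flt in (BlocklistUnpickler, AllowlistUnpickler)
    }


if __name__ == "__main__":
    for name, results in filter_matrix().items():
        print(name, results)
    print("eval gadget through blocklist:", load_with(BlocklistUnpickler, GADGET_EVAL))
```

The blocklist stops the `os.system` payload but lets the `eval` payload through, and the deserializer obligingly evaluates it (here to 42; in a real target, to whatever the attacker chose). The allowlist rejects both gadgets while the legitimate `Ticket` still round-trips, which is why deny-list patches to a deserialization sink tend to be followed by another CVE in the same component.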
Last week, SolarWinds rolled out WHD version 2026.1 with patches for this vulnerability and five other issues, but made no mention of any of them being exploited in attacks.
On Tuesday, CISA added CVE-2025-40551 to its Known Exploited Vulnerabilities (KEV) catalog, confirming in-the-wild exploitation and urging federal agencies to patch it within three days, which underlines the high risk the flaw poses.
In addition to the SolarWinds defect, CISA added one GitLab vulnerability and two Sangoma FreePBX issues to the KEV list.
The GitLab bug, tracked as CVE-2021-39935, is a medium-severity issue allowing authenticated attackers to mount SSRF attacks via the CI Lint API. It was patched in December 2021 in GitLab CE/EE versions 14.3.6, 14.4.4, and 14.5.2.
There appear to have been no public reports of exploitation of the SolarWinds and GitLab vulnerabilities prior to CISA's warning.
The two Sangoma FreePBX issues added to KEV, CVE-2019-19006 and CVE-2025-64328, had by contrast already been flagged as exploited in attacks.
In November 2020, Check Point warned that the hacking group tracked as INJ3CTOR3 had been exploiting CVE-2019-19006. Last week, Fortinet said the group has been exploiting CVE-2025-64328 since December.
As mandated by Binding Operational Directive (BOD) 22-01, federal agencies have three weeks to identify vulnerable GitLab and Sangoma FreePBX instances in their environments and apply the available fixes and mitigations.