"CVE-2025-26399 (CVSS score: 9.8) - A deserialization of untrusted data vulnerability in the AjaxProxy component of SolarWinds Web Help Desk that could allow an attacker to run commands on the host machine."
"The addition of CVE-2025-26399 comes in the wake of reports from Microsoft and Huntress that threat actors are exploiting security flaws in SolarWinds Web Help Desk to obtain initial access. The activity is believed to be the work of the Warlock ransomware crew."
"CVE-2021-22054, on the other hand, was flagged by GreyNoise in March 2025 as being exploited in conjunction with several other SSRF vulnerabilities in other products as part of a coordinated campaign."
"To counter the risk posed by active threats, Federal Civilian Executive Branch (FCEB) agencies have been ordered to apply the fix for SolarWinds Web Help Desk by March 12, 2026, and the remaining two by March 23, 2026."
CISA identified three security vulnerabilities being actively exploited in the wild and added them to its Known Exploited Vulnerabilities catalog. CVE-2025-26399 in SolarWinds Web Help Desk has a critical CVSS score of 9.8 and allows remote code execution; the Warlock ransomware group is exploiting this flaw for initial access. CVE-2021-22054 affects Omnissa Workspace One UEM with a 7.5 CVSS score, enabling unauthenticated SSRF attacks. CVE-2026-1603 in Ivanti Endpoint Manager carries an 8.6 CVSS score and permits authentication bypass to leak credentials. Federal agencies must remediate the SolarWinds vulnerability by March 12, 2026, and the other two by March 23, 2026.
#vulnerability-management #active-exploitation #ransomware #federal-cybersecurity #critical-infrastructure
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]