"Government agencies in the United States have been given three days to install the security update. According to CISA, the flaw is now being used in real attacks. The vulnerability in question is CVE-2025-40551 in SolarWinds Web Help Desk. The cause lies in an error in the processing of untrusted data, which allows an attacker to execute code remotely on a vulnerable system without logging in."
"On January 28, SolarWinds released a new version of Web Help Desk that fixes the problem. In the update notes, the company stated that the vulnerability could be exploited to allow an attacker to execute commands on the underlying server. The same update contained additional security fixes. For example, an error with hard-coded login credentials was resolved, as were two vulnerabilities that allowed authentication to be bypassed. All of these issues could be exploited remotely."
"On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) included the vulnerability in its list of actively exploited security vulnerabilities. This means that federal government agencies are required by Binding Operational Directive 22-01 to fix the problem within three days. Previous problems with SolarWinds Although this directive only applies to federal agencies, CISA is also calling on other organizations to patch quickly. In the past, vulnerabilities in Web Help Desk have been the target of attacks on several occasions."
SolarWinds Web Help Desk contains a critical remote code execution vulnerability identified as CVE-2025-40551 that allows unauthenticated attackers to execute code by exploiting improper handling of untrusted data. The flaw was discovered by security researcher Jimi Sebree of Horizon3.ai. SolarWinds released a patched Web Help Desk version on January 28 and stated the vulnerability could enable attackers to run commands on the underlying server. The update also fixed hard-coded credentials and two authentication-bypass flaws, all exploitable remotely. CISA added the vulnerability to its actively exploited list, requiring federal agencies to remediate within three days and urging other organizations to patch quickly. Web Help Desk is widely used across governments, healthcare, education, and large enterprises.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]