Fresh SolarWinds Vulnerability Exploited in Attacks

Threat actors are exploiting a critical-severity SolarWinds vulnerability that was patched last week, the US cybersecurity agency CISA warns.

Tracked as CVE-2025-40551 (CVSS score of 9.8), the bug affects SolarWinds Web Help Desk (WHD), the ticketing system, service, and asset management solution that has long been a preferred target for hackers.

The fresh flaw is described as an untrusted data deserialization issue that can be exploited without authentication for remote code execution (RCE).

CVE-2025-40551 exists in AjaxProxy functionality due to improper sanitization of requests and the bypass of a blocklist function. Previous security defects in AjaxProxy were exploited using the same method.

Last week, SolarWinds rolled out WHD version 2026.1 with patches for this vulnerability and five other issues, but made no mention of any of them being exploited in attacks.

On Tuesday, CISA added CVE-2025-40551 to its Known Exploited Vulnerabilities (KEV) catalog, confirming in-the-wild exploitation and urging ...