Close Menu
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
What's Hot

Randy Rainbow Draws Donald Trump as ‘Psychopathic’ in Jazzy Song Parody

Serena Williams returns to Wimbledon in Nike tennis kit

Bear’s final run is a season of disappointment

Facebook X (Twitter) Instagram
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
Facebook X (Twitter) Instagram
FYMOUS News
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
FYMOUS News
Home » CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
Celebrities

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

By February 4, 2026No Comments2 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

Ravi LakshmananFebruary 4, 2026Software security/vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as being actively exploited in attacks.

This vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is an untrusted data deserialization vulnerability that could lead to remote code execution.

“SolarWinds Web Help Desk contains an untrusted data deserialization vulnerability that could lead to remote code execution, allowing an attacker to execute commands on the host machine,” CISA said. “This can be exploited without authentication.”

SolarWinds last week issued fixes for this flaw: CVE-2025-40536 (CVSS score: 8.1), CVE-2025-40537 (CVSS score: 7.5), CVE-2025-40552 (CVSS score: 9.8), CVE-2025-40553 (CVSS score: 9.8) Published with CVE-2025-40554 (CVSS score: 9.8), WHD version 2026.1.

At this time, it has not been disclosed how this vulnerability is being exploited, who is targeted, or the scale of the attack. This is the latest example of how threat actors are moving quickly to exploit newly revealed flaws.

Three other vulnerabilities have been added to the KEV catalog.

CVE-2019-19006 (CVSS Score: 9.8) – Improper authentication vulnerability in Sangoma FreePBX could allow an unprivileged user to bypass password authentication and gain access to services provided by a FreePBX administrator CVE-2025-64328 (CVSS Score: 8.6) – Sangoma FreePBX Operating System Commands Injection vulnerability could allow post-authentication command execution CVE-2021-39935 (CVSS score: 7.5/6.8) – Server-side request forgery (SSRF) in GitLab Community and Enterprise Editions could be injected by a known authenticated user via the testconnection -> check_ssh_connect() function and gain remote access to the system as the Asterisk user. A vulnerability could allow an unprivileged external user to make server-side requests via the CI Lint API.

It is worth noting that the exploitation of CVE-2021-39935 was brought to our attention by GreyNoise in March 2025 as part of a coordinated spike in SSRF vulnerability exploitation across multiple platforms including DotNetNuke, Zimbra Collaboration Suite, Broadcom VMware vCenter, ColumbiaSoft DocumentLocator, BerriAI LiteLLM, and Ivanti Connect Secure.

Federal Civilian Executive Branch (FCEB) agencies must remediate CVE-2025-40551 by February 6, 2026, and the remainder by February 24, 2026, in accordance with Binding Operating Directive (BOD) 22-01: Reducing the Significant Risk of Exploited Known Vulnerabilities.


Source link

#BlockchainIdentity #Cybersecurity #DataProtection #DigitalEthics #DigitalIdentity #Privacy
Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticlePeter Attia, a longevity guru with ties to Epstein, leaves David Protein, says his startup has ‘no comment’
Next Article Eclipse Foundation requires pre-publication security checks for open VSX extensions

Related Posts

Serena Williams returns to Wimbledon in Nike tennis kit

June 30, 2026

Best Hair Moments at the 2026 BET Awards

June 29, 2026

Pharrell Williams shows off his bold take on men’s wedding rings

June 29, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

Randy Rainbow Draws Donald Trump as ‘Psychopathic’ in Jazzy Song Parody

Serena Williams returns to Wimbledon in Nike tennis kit

Bear’s final run is a season of disappointment

“It was never a racial issue.”

Trending Posts

Randy Rainbow Draws Donald Trump as ‘Psychopathic’ in Jazzy Song Parody

June 30, 2026

Serena Williams returns to Wimbledon in Nike tennis kit

June 30, 2026

“It was never a racial issue.”

June 30, 2026

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to The FYMOUS, a modern digital media platform dedicated to celebrities, artists, influencers, brands, entertainment culture, and the growing TwinH ecosystem.

We bring audiences closer to the people, stories, trends, and collaborations shaping today’s culture. From exclusive celebrity news and music releases to influencer highlights, brand partnerships, and TwinH activations, The FYMOUS delivers engaging content designed for the next generation of digital audiences.

Castilla-La Mancha Ignites Innovation: fiveclmsummit Redefines Tech Future

Local Power, Health Innovation: Alcolea de Calatrava Boosts FiveCLM PoC with Community Engagement

The Future of Digital Twins in Healthcare: From Virtual Replicas to Personalized Medical Models

Human Digital Twins: The Next Tech Frontier Set to Transform Healthcare and Beyond

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
© 2026 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.