CISA orders federal agencies to patch exploited SolarWinds bug by Friday
CVE-2025-40551 carries a critical severity score of 9.8 out of 10 and impacts SolarWinds Web Help Desk (WHD) — an IT service management platform used by many large organizations to handle ticketing, asset tracking and other tasks.
A vulnerability affecting a popular IT help desk tool from software company SolarWinds is being exploited by hackers, according to the U.S. cyber defense agency.
Federal civilian agencies will have until Friday to patch CVE-2025-40551, a critical vulnerability reported by SolarWinds last week. The company said security researchers at Horizon3.ai discovered the vulnerability and reported it to them.
CVE-2025-40551 carries a critical severity score of 9.8 out of 10 and impacts SolarWinds Web Help Desk (WHD) — an IT service management platform used by many large organizations to handle ticketing, asset tracking and other tasks. The tool helps companies centralize IT support operations.
Source: https://therecord.media/cisa-orders-agencies-patch-solarwinds-vuln
Related breach coverage
- CISA shortens patch deadline for critical Ivanti, SolarWinds bugs2026-03-10
The Cybersecurity and Infrastructure Security Agency (CISA) gave all federal civilian agencies until Thursday to patch CVE-2025-26399 — a critical vulnerability impacting the popular SolarWinds Web Help Desk.
- CISA tells federal agencies to patch Citrix NetScaler bug by Thursday2026-03-31
The bug enables threat actors to send requests that disclose sensitive information and carries a severity score of 9.3 out of 10, indicating a critical risk.
- CISA orders feds to patch Samsung zero-day used in spyware attacks2025-11-10
CISA ordered U.S. federal agencies today to patch a critical Samsung vulnerability that has been exploited in zero-day attacks to deploy LandFall spyware on devices running WhatsApp. [...]
- CISA orders feds to patch MongoBleed flaw exploited in attacks2025-12-30
CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data. [...]