CISA shortens patch deadline for critical Ivanti, SolarWinds bugs
The Cybersecurity and Infrastructure Security Agency (CISA) gave all federal civilian agencies until Thursday to patch CVE-2025-26399 — a critical vulnerability impacting the popular SolarWinds Web Help Desk.
Federal agencies will have significantly less time than usual to patch three different vulnerabilities following reports that they are being exploited by cybercriminals and nation-state actors.
The Cybersecurity and Infrastructure Security Agency (CISA) gave all federal civilian agencies until Thursday to patch CVE-2025-26399 — a critical vulnerability impacting the popular SolarWinds Web Help Desk, an IT service management platform used by many government agencies to handle ticketing, asset tracking and other tasks. The tool is used to centralize IT support operations.
The bug was discovered by Trend Micro’s Zero Day Initiative in September and researchers have warned since then that it is being exploited.
Source: https://therecord.media/cisa-shortens-patch-deadline-ivanti-solarwinds
Related breach coverage
- CISA orders federal agencies to patch exploited SolarWinds bug by Friday2026-02-03
CVE-2025-40551 carries a critical severity score of 9.8 out of 10 and impacts SolarWinds Web Help Desk (WHD) — an IT service management platform used by many large organizations to handle ticketing, asset tracking and other tasks.
- U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog2025-12-17
U.S. CISA adds a vulnerability impacting multiple products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability, tracked as CVE-2025-59718 (CVSS Score of 9.1), to its Known Exploited Vulnerabilities (KEV) catalog. Threat actors started exploiting two critical flaws, tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS score of 9.1), […]
- U.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog2026-02-13
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws […]
- CISA pushes Federal agencies to retire end-of-support edge devices2026-02-07
CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported ones within 12–18 months. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed U.S. federal civilian agencies to strengthen how they manage edge network devices throughout their lifecycle. According to Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices, agencies must […]