A vulnerability affecting a well-liked IT assist desk software from software program firm SolarWinds is being exploited by hackers, in accordance with the U.S. cyber protection company.
Federal civilian businesses may have till Friday to patch CVE-2025-40551, a vital vulnerability reported by SolarWinds final week. The corporate stated safety researchers at Horizon3.ai found the vulnerability and reported it to them.
CVE-2025-40551 carries a vital severity rating of 9.8 out of 10 and impacts SolarWinds Internet Assist Desk (WHD) — an IT service administration platform utilized by many giant organizations to deal with ticketing, asset monitoring and different duties. The software helps firms centralize IT help operations.
Horizon3.ai researcher Jimi Sebree revealed a weblog in regards to the bug that traced the difficulty again to a different vulnerability found in 2024. That bug, CVE-2024-28986, was additionally added to those Cybersecurity and Infrastructure Safety Company’s Recognized Exploited Vulnerabilities listing on the time.
In response to Sebree, CVE-2025-40551 is the newest in a collection of bugs which can be centered round bypasses of fixes to CVE-2024-28986. Sebree found and reported CVE-2025-40551 to SolarWinds on December 5.
Solarwinds has revealed an replace in Internet Assist Desk model 2026.1 that fixes the problems. The corporate mounted CVE-2025-40551 and a number of other different safety bugs that have been just lately found by researchers.
CISA added CVE-2025-40551 to the Recognized Exploited Vulnerabilities catalog alongside three different vulnerabilities that federal civilian businesses might want to patch earlier than the top of the month.
Recorded Future
Intelligence Cloud.
Study extra.
