CISA Mandates Emergency Patching for SolarWinds Web Help Desk Vulnerabilities
Take action: When a federal agency shortens a patch deadline to just a few days, it means the product is actively and successfuly hacked. Treat your SolarWinds as an immediate priority, patch and ideally if possible isolate your help desk software from the public internet.
Learn More
CISA has issued an urgent directive shortening the patch deadline for critical vulnerabilities in the SolarWinds Web Help Desk platform. Federal civilian agencies are now required to remediate these flaws by Thursday following confirmed reports of active exploitation by both cybercriminals and nation-state actors.
The exploited flaw is CVE-2025-26399 (CVSS score 9.8), a vulnerability in SolarWinds Web Help Desk that allows remote attackers to compromise the IT service management platform.
By gaining control of the Web Help Desk, attackers can exfiltrate sensitive data regarding network architecture, user credentials, and internal security tickets. This flaw is a foothold for lateral movement, allowing threat actors to pivot from the help desk into more sensitive areas of the corporate or federal network.
This emergency action marks the third time in a single month that CISA has ordered immediate patching for this specific SolarWinds tool. In early February 2025, agencies were given only four days to address a separate flaw, followed by a three-day deadline for another bug just two weeks later.
Organizations using SolarWinds Web Help Desk must prioritize the installation of the latest security updates.
