SolarWinds is once more in the security spotlight following the active exploitation of two newly identified vulnerabilities, CVE-2025-40551 and CVE-2025-40536. These issues are far from trivial: attackers are actively using these flaws in the wild, with the potential for significant damage, including possible domain compromise. Those responsible for IT infrastructure or support systems should treat these vulnerabilities with utmost seriousness.
SolarWinds is well known among IT professionals, not least due to previous high-profile incidents. This time, the focus is on Web Help Desk—a component often bypassed in security reviews but essential for IT ticket handling. The two vulnerabilities now under scrutiny can allow attackers to escalate privileges or move laterally within your environment, raising the risk of exposure for domain controllers and other critical assets.
CVE-2025-40551 facilitates remote code execution, turning your server into a playground for unauthorised scripts. Meanwhile, CVE-2025-40536 can provide unauthorised access through specifically crafted requests, effectively handing over Help Desk controls to attackers.
Immediate action should follow a three-pronged approach. First, patch without delay, as SolarWinds has released updates addressing these vulnerabilities. The time between public disclosure and evidence of active exploits grows ever shorter, so swift patching is essential. Second, search for indications of compromise. Watch for unusual logins, unknown scheduled tasks, or unexpected scripts present on Web Help Desk servers. For reference, Microsoft provides guidance on threat hunting in similar contexts. If immediate patching is impossible, mitigation is crucial: restrict exposure by reviewing firewall rules, limit remote access to the minimum required, and turn off unnecessary services. Employing layered security measures will strengthen your defence.
From an engineering standpoint, it’s unwise to consider your ticketing tools a low-priority target. Attackers are drawn to systems where credentials and privileges often reside or are exchanged. Web Help Desk servers generally hold more privileges than IT teams realise, making them potential gateways to the broader network environment. Keep these platforms as rigorously secured as more obviously critical systems.
For further information, consult the original report at: Microsoft Security Blog.
