SolarWinds faces renewed scrutiny with the emergence of two critical vulnerabilities, CVE-2025-40551 and CVE-2025-40536, affecting Web Help Desk. Both flaws enable attackers to escalate privileges or execute unauthorised code, risking domain compromise and exposure of key infrastructure.
Immediate response is vital: apply patches promptly—updates are available—then investigate signs of compromise, including suspicious logins and scripts. If patching isn’t feasible, restrict exposure with firewall and access controls, and disable unnecessary services.
Web Help Desk servers hold substantial privileges, making them attractive targets. Prioritise their security alongside other vital systems to prevent lateral movement and major breaches. Treat ticketing tools as high-risk assets, not afterthoughts, within your layered security strategy.
