The US cybersecurity agency CISA warns that a critical SolarWinds vulnerability (CVE-2025-40551) is being actively exploited, urging federal agencies to patch it within three days due to its high risk. Other vulnerabilities in GitLab and Sangoma FreePBX have also been added to the Known Exploited Vulnerabilities catalog, with federal agencies required to address these within three weeks.
CISA has confirmed active exploitation of CVE-2025-40551, a critical-severity SolarWinds vulnerability that allows remote code execution without authentication. Patching immediately is advised, especially if SolarWinds Web Help Desk is in use within your organization's environment, to mitigate the high risk posed by this flaw.