CISA adds SolarWinds and Ivanti flaws to Known Exploited Vulnerabilities. π
CVE-2025-26399 Β· Severity 9.8 Β· Deserialization RCE in SolarWinds Web Help Desk.
The @[CISA](urn:li:organization:13010360) has added three security flaws to its KEV catalog in the last 24 hours. This includes a critical RCE in @[SolarWinds](urn:li:organization:166292) Web Help Desk and a high-severity authentication bypass in @[Ivanti](urn:li:organization:36124) Endpoint Manager (CVE-2026-1603) that allows unauthenticated attackers to leak credential data.
These management tools are high-value targets because they often hold administrative access to vast segments of the enterprise. Attackers are prioritizing these platforms to establish initial access and move laterally into sensitive internal environments.
The uncomfortable truth: The tools you use to manage your network are currently the most effective way for an attacker to dismantle it.
β Patch SolarWinds Web Help Desk and Ivanti Endpoint Manager to the latest resolved versions immediately.
β Strictly isolate all management interfaces from the public internet using secure VPNs or zero-trust gateways.
β Monitor for unauthorized credential access or anomalous administrative command execution.
Are you managing your support and management tools with the same rigor as your production servers? π
#Cybersecurity #VulnerabilityManagement #SolarWinds #Ivanti #SOC #CodeDefence