CISA flags SolarWinds and Ivanti management tools as actively exploited.
CVE-2025-26399 · Severity 9.8 · Deserialization RCE in SolarWinds Web Help Desk.
CISA has added critical vulnerabilities in SolarWinds Web Help Desk and Ivanti Endpoint Manager (CVE-2026-1603) to the Known Exploited Vulnerabilities catalog. Reports indicate that ransomware groups are actively exploiting the SolarWinds flaw to achieve initial access and execute commands on host machines.
Management platforms are high-value targets because they often possess deep administrative privileges across the entire enterprise. A compromise here allows an attacker to move laterally with ease and disable security controls across the network.
The uncomfortable truth: The tools you use to manage your network are currently the most effective way for an attacker to dismantle it.
- Patch SolarWinds Web Help Desk and Ivanti Endpoint Manager to the latest resolved versions immediately.
- Strictly isolate all management interfaces from the public internet using secure VPNs or zero-trust gateways.
- Monitor for unauthorized credential access or anomalous administrative command execution originating from these servers.
Are you managing your support and management tools with the same rigor as your production servers?
#Cybersecurity #VulnerabilityManagement #SolarWinds #Ivanti #SOC #CodeDefence
