CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities

CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities

Briefly

"Tracked as CVE-2025-40536 (CVSS score of 8.1) and disclosed at the end of January, the SolarWinds flaw is described as a security control bypass in Web Help Desk (WHD) that could allow unauthenticated attackers to access restricted functionality. The security defect was found and reported by Horizon3.ai, which warned that it could be exploited to create a valid AjaxProxy instance, allowing attackers to exploit additional bugs to achieve remote code execution (RCE)."

"On Thursday, CISA added CVE-2025-40536 to its Known Exploited Vulnerabilities (KEV) list, urging federal agencies to patch it within three days. The agency has not shared details on the observed exploitation, but its warning comes a week after Microsoft said that CVE-2025-40536 might have been exploited as a zero-day in an attack observed in December 2025. The tech giant said that CVE-2025-40551, another fresh WHD issue that was added to CISA's KEV list last week, might have been targeted as a zero-day as well, in the same attack."

"Another newly disclosed vulnerability that has made it to CISA's KEV list is CVE-2025-15556, an update integrity verification flaw in Notepad++ patched in early February. Rooted in the lack of cryptographic verification of downloaded update metadata and installers, the issue affects Notepad++ deployments using the WinGUp updater and could allow attackers to intercept update traffic and supply modified installers, achieving arbitrary code execution. China-linked hackers were seen exploiting the flaw for initial access in attacks that likely started in June 2025."