CISA adds SolarWinds, FreePBX and GitLab vulnerabilities to KEV catalog

Vulnerability Management, Patch/Configuration Management, Critical Infrastructure Security

As reported by Security Affairs, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several actively exploited vulnerabilities affecting SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab to its Known Exploited Vulnerabilities (KEV) catalog. Inclusion in the catalog requires federal civilian agencies to remediate the flaws by set deadlines.

The newly added entries include a deserialization flaw in SolarWinds Web Help Desk (CVE-2025-40551) that enables remote code execution. Two Sangoma FreePBX vulnerabilities were also added: an authentication bypass (CVE-2019-19006) and an OS command injection in the Endpoint Manager module (CVE-2025-64328), both of which give an attacker significant control over the affected system. The fourth entry is a server-side request forgery (SSRF) vulnerability in GitLab Community and Enterprise Editions (CVE-2021-39935); GreyNoise has reported a surge in SSRF exploitation attempts.

Under CISA's Binding Operational Directive 22-01, federal agencies must remediate KEV entries by the due dates in the catalog. The SolarWinds flaw carries the shortest deadline, February 6, 2026; the FreePBX and GitLab flaws are due by February 24, 2026. Organizations outside the federal government should treat the same dates as a reasonable patching target, since KEV listing confirms the flaws are being exploited in the wild.

Source: Security Affairs
