In March last year, GreyNoisewarnedof a surge in the exploitation of a dozen SSRF bugs in products from multiple vendors, including CVE-2021-22054.On Tuesday,CISA addedthe Workspace One UEM flaw to the KEV catalog along with the Ivanti vulnerability and CVE-2025-26399 (CVSS score of 9.8), a remote code execution (RCE) flaw in SolarWinds Web Help Desk (WHD)patched in September 2025.CVE-2025-26399 is a patch bypass for CVE-2024-28988, which was a patch bypass for CVE-2024-28986. Last month, Microsoft flagged it as potentiallyexploited in the wildin December 2025.Now, CISA has confirmed CVE-2025-26399’s exploitation, as well as its severity, giving federal agencies only one week to identify and patch vulnerable WHD instances within their environments.Related:CISA Warns of Exploited SolarWinds, Notepad++, Microsoft VulnerabilitiesRelated:Recent Cisco Catalyst SD-WAN Vulnerability Now Widely ExploitedRelated:CISA Adds iOS Flaws From Coruna Exploit Kit to KEV ListRelated:Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks
On Tuesday,CISA addedthe Workspace One UEM flaw to the KEV catalog along with the Ivanti vulnerability and CVE-2025-26399 (CVSS score of 9.8), a remote code execution (RCE) flaw in SolarWinds Web Help Desk (WHD)patched in September 2025.CVE-2025-26399 is a patch bypass for CVE-2024-28988, which was a patch bypass for CVE-2024-28986. Last month, Microsoft flagged it as potentiallyexploited in the wildin December 2025.Now, CISA has confirmed CVE-2025-26399’s exploitation, as well as its severity, giving federal agencies only one week to identify and patch vulnerable WHD instances within their environments.Related:CISA Warns of Exploited SolarWinds, Notepad++, Microsoft VulnerabilitiesRelated:Recent Cisco Catalyst SD-WAN Vulnerability Now Widely ExploitedRelated:CISA Adds iOS Flaws From Coruna Exploit Kit to KEV ListRelated:Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks
CVE-2025-26399 is a patch bypass for CVE-2024-28988, which was a patch bypass for CVE-2024-28986. Last month, Microsoft flagged it as potentiallyexploited in the wildin December 2025.Now, CISA has confirmed CVE-2025-26399’s exploitation, as well as its severity, giving federal agencies only one week to identify and patch vulnerable WHD instances within their environments.Related:CISA Warns of Exploited SolarWinds, Notepad++, Microsoft VulnerabilitiesRelated:Recent Cisco Catalyst SD-WAN Vulnerability Now Widely ExploitedRelated:CISA Adds iOS Flaws From Coruna Exploit Kit to KEV ListRelated:Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks
Now, CISA has confirmed CVE-2025-26399’s exploitation, as well as its severity, giving federal agencies only one week to identify and patch vulnerable WHD instances within their environments.Related:CISA Warns of Exploited SolarWinds, Notepad++, Microsoft VulnerabilitiesRelated:Recent Cisco Catalyst SD-WAN Vulnerability Now Widely ExploitedRelated:CISA Adds iOS Flaws From Coruna Exploit Kit to KEV ListRelated:Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks
Related:CISA Warns of Exploited SolarWinds, Notepad++, Microsoft VulnerabilitiesRelated:Recent Cisco Catalyst SD-WAN Vulnerability Now Widely ExploitedRelated:CISA Adds iOS Flaws From Coruna Exploit Kit to KEV ListRelated:Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks
Related:Recent Cisco Catalyst SD-WAN Vulnerability Now Widely ExploitedRelated:CISA Adds iOS Flaws From Coruna Exploit Kit to KEV ListRelated:Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks
Related:CISA Adds iOS Flaws From Coruna Exploit Kit to KEV ListRelated:Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks
Related:Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks
Ionut Arghire is an international correspondent for SecurityWeek.
Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure.
Source: SecurityWeek
