SolarWinds
-
CISA adds three vulnerabilities to Known Exploited Vulnerabilities catalog and sets federal patch dates
CISA added three vulnerabilities to its Known Exploited Vulnerabilities catalog on Monday, covering Workspace One UEM, SolarWinds Web Help Desk, and Endpoint Manager. Federal civilian agencies must apply fixes by mid and late March.
-
CISA adds actively exploited SolarWinds Web Help Desk flaw CVE-2025-40551 to KEV
CISA added CVE-2025-40551 in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities catalog, marking it actively exploited with a CVSS score of 9.8. Federal agencies face a February 6, 2026 remediation deadline.
-
CISA retires 10 Emergency Directives issued 2019 to 2024
CISA is retiring 10 Emergency Directives issued from 2019 through 2024 after required actions were implemented or enforcement moved to Binding Operational Directive 22-01. The closed directives include SolarWinds and Exchange mitigation orders.
-
SEC asks court to dismiss lawsuit against SolarWinds and its CISO
The SEC moved to voluntarily dismiss its enforcement action against SolarWinds and CISO Timothy G. Brown on Nov. 20, 2025. The agency had accused the company of overstating cybersecurity practices and failing to disclose risks related to the 2020 supply‑chain compromise, but many allegations were previously dismissed by a federal court.
