CISA Issues Warning on Exploited SolarWinds, Notepad++, and Microsoft Vulnerabilities

CISA Warns of Exploited Vulnerabilities in Popular Software Products

A recent alert from the US Cybersecurity and Infrastructure Security Agency (CISA) has highlighted the exploitation of multiple vulnerabilities in popular software, including products from SolarWinds, Notepad++, and Apple.

Newly Added Vulnerabilities to CISA’s KEV List

The warning comes after the agency added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) list, which tracks security defects that have been actively exploited by threat actors.

SolarWinds’ Web Help Desk Vulnerability

The first vulnerability, tracked as CVE-2025-40536, affects SolarWinds’ Web Help Desk (WHD) and carries a CVSS score of 8.1. This security control bypass flaw was discovered and reported by Horizon3.ai, which warned that it could be exploited to create a valid AjaxProxy instance, allowing attackers to exploit additional bugs and achieve remote code execution (RCE).

CISA has urged federal agencies to patch this vulnerability within three days.

Microsoft’s Previous Warning

Interestingly, Microsoft had previously suggested that CVE-2025-40536 might have been exploited as a zero-day in an attack observed in December 2025. The tech giant also noted that another WHD issue, CVE-2025-40551, might have been targeted as a zero-day in the same attack.

Apple’s Software Vulnerability

Another newly added vulnerability to CISA’s KEV list is CVE-2026-20700, a buffer overflow flaw in Apple’s software that has been exploited in an extremely sophisticated attack. Apple has since patched this vulnerability.

Notepad++ Vulnerability

A fourth vulnerability, CVE-2025-15556, affects Notepad++ and is an update integrity verification flaw that was patched in early February. This vulnerability was exploited by China-linked hackers for initial access in attacks that likely started in June 2025.

Rapid7 has attributed the campaign to the cyberespionage group tracked as Lotus Blossom.

Microsoft Configuration Manager Vulnerability

The final vulnerability, CVE-2024-43468, is a critical-severity RCE flaw in Microsoft Configuration Manager that was resolved in October 2024. This SQL injection bug can be exploited without authentication or user interaction via specially crafted requests.

Although proof-of-concept (PoC) code targeting this vulnerability has been publicly available for over a year, there have been no reports of it being exploited in attacks prior to CISA’s warning.

CISA’s Warning and Recommendations

CISA has given federal agencies three weeks to apply patches for the Apple, Microsoft, and Notepad++ vulnerabilities. The agency’s warning serves as a reminder of the importance of prompt patching and vulnerability management in preventing cyber attacks.


