www.securityweek.com 2/13/2026, 11:10:44 AM

CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities

According to CISA, recently disclosed vulnerabilities affecting SolarWinds, Notepad++, Apple and Microsoft have been exploited in the wild. SolarWinds CVE-2025-40536 is described as a security control bypass in Web Help Desk that could allow unauthenticated access to restricted functionality. The flaw, scored 8.1 on CVSS, was added to the Known Exploited Vulnerabilities list, and federal agencies were told to patch within three days.

The report notes that Microsoft said CVE-2025-40536 might have been exploited as a zero-day in December 2025, and that CVE-2025-40551 was likely targeted as a zero-day in the same attack. Rapid7 attributed the Notepad++ campaign to Lotus Blossom and noted a June 2025 start.

Notepad++ is also affected by CVE-2025-15556, an update integrity verification flaw that attackers exploited to intercept updates. CVE-2024-43468 is a Microsoft Configuration Manager RCE flaw, described as an unauthenticated SQL injection vulnerability, that was resolved in October 2024. The article states that three weeks were allotted for patches to address the Apple, Microsoft, and Notepad++ vulnerabilities.

Article by CyberSIXT