Article: SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

Meridiano

Add Article

Image for Article: SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

Article Details

Title

Article: SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

Impact Score

4 / 10

AI Summary (Processed Content)

SolarWinds has released patches for four critical vulnerabilities in its Serv-U file transfer software, which could allow remote code execution. The flaws, all rated 9.1 in severity, affect Serv-U version 15.5 and have been fixed in version 15.5.4. While exploitation requires administrative privileges, the company notes a medium risk on Windows systems. There is no mention of current active exploitation, though similar past vulnerabilities have been weaponized by threat actors.

Original URL

https://thehackernews.com/2026/02/solarwinds-patches-4-critical-serv-u.html

Source Feed

The Hacker News

Published Date

2026-02-25 07:04

Fetched Date

2026-03-04 13:39

Processed Date

2026-03-04 13:55

Embedding Status

Present

Cluster ID

Not Clustered

Raw Extracted Content

SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution.
The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below -
- CVE-2025-40538 - A broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary code as root via domain admin or group admin privileges.
- CVE-2025-40539 - A type confusion vulnerability that allows an attacker to execute arbitrary native code as root.
- CVE-2025-40540 - A type confusion vulnerability that allows an attacker to execute arbitrary native code as root.
- CVE-2025-40541 - An insecure direct object reference (IDOR) vulnerability that allows an attacker to execute native code as root.
SolarWinds noted that the vulnerabilities require administrative privileges for successful exploitation. It also said that they carry a medium security risk on Windows deployments as the services "frequently run under less-privileged service accounts by default."
The four shortcomings affect SolarWinds Serv-U version 15.5. They have been addressed in SolarWinds Serv-U version 15.5.4.
While SolarWinds makes no mention of the security flaws being exploited in the wild, prior vulnerabilities in the software (CVE-2021-35211, CVE-2021-35247, and CVE-2024-28995) have been exploited by malicious actors, including by a China-based hacking group tracked as Storm-0322 (formerly DEV-0322).