SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution.

The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below:

• CVE-2025-40538 - A broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary code as root via domain admin or group admin privileges.
• CVE-2025-40539 - A type confusion vulnerability that allows an attacker to execute arbitrary native code as root.
• CVE-2025-40540 - A type confusion vulnerability that allows an attacker to execute arbitrary native code as root.
• CVE-2025-40541 - An insecure direct object reference (IDOR) vulnerability that allows an attacker to execute native code as root.

SolarWinds noted that the vulnerabilities require administrative privileges for successful exploitation.
Sources:
- https://thehackernews.com/2026/02/solarwinds-patches-4-critical-serv-u.html (Latest source article published: 2026-02-25 07:04 UTC)