Serv-U Vulnerabilities Expose Systems to Root Compromise


SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. These vulnerabilities affect SolarWinds Serv-U version 15.5 and have been addressed in version 15.5.4.


Vulnerability Details

The most severe of the four security flaws patched is tracked as CVE-2025-40538, and it allows attackers with high privileges to gain root or admin permissions on vulnerable servers. All four flaws have a CVSS score of 9.1 and require administrative privileges for successful exploitation.

The vulnerabilities include:

  • CVE-2025-40538: A broken access control flaw that enables a user with domain or group administrator privileges to create a system administrator account and execute arbitrary code with root-level permissions.
  • CVE-2025-40539: A type confusion vulnerability that can allow an authenticated administrator to execute arbitrary native code with root privileges.
  • CVE-2025-40540: A separate type confusion issue that similarly permits execution of arbitrary native code as root.
  • CVE-2025-40541: An insecure direct object reference (IDOR) vulnerability that may allow an administrator-level user to execute native code with root-level access.

Affected Products

The vulnerabilities affect SolarWinds Serv-U version 15.5. These have been addressed in SolarWinds Serv-U version 15.5.4.


Mitigation

To mitigate the risk from these vulnerabilities, SolarWinds recommends updating to Serv-U version 15.5.4 as soon as possible.
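To apply that advice across an estate you first need to know which hosts are still below the fix. The following is an added example (not SolarWinds' code and not part of the original post): a Python triage that compares inventoried Serv-U versions against 15.5.4 numerically rather than as strings. Host names and versions are constructed; it assumes every 15.5 build below 15.5.4 is affected and treats other release branches as simply outside this advisory's scope.

```python
"""Triage a Serv-U inventory against the advisory above (constructed example)."""
from typing import NamedTuple

FIXED_VERSION = (15, 5, 4)  # fixed release named in the advisory
ADVISORY_CVES = ("CVE-2025-40538", "CVE-2025-40539",
                 "CVE-2025-40540", "CVE-2025-40541")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '15.5' or '15.5.3' into a 3-part numeric tuple.

    Numeric tuples compare correctly; comparing strings would rank
    '15.5.10' below '15.5.4' and report a patched host as vulnerable.
    """
    parts = [int(p) for p in text.strip().split(".")]
    if not 2 <= len(parts) <= 3:
        raise ValueError(f"unexpected Serv-U version format: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


class Finding(NamedTuple):
    host: str
    version: str
    status: str            # "affected", "fixed" or "not covered"
    cves: tuple[str, ...]  # CVEs the host is exposed to per the advisory


def triage(host: str, version: str) -> Finding:
    v = parse_version(version)
    # Assumption: all 15.5.x below the fix are affected; other branches are
    # not declared safe here, only outside what this advisory states.
    if v[:2] == (15, 5) and v < FIXED_VERSION:
        return Finding(host, version, "affected", ADVISORY_CVES)
    if v >= FIXED_VERSION:
        return Finding(host, version, "fixed", ())
    return Finding(host, version, "not covered", ())


def triage_inventory(inventory: dict[str, str]) -> list[Finding]:
    """Return one finding per host, affected hosts listed first."""
    findings = [triage(h, ver) for h, ver in inventory.items()]
    return sorted(findings, key=lambda f: f.status != "affected")


if __name__ == "__main__":
    # Constructed inventory data, not real hosts.
    sample = {"ftp-01": "15.5", "ftp-02": "15.5.3",
              "ftp-03": "15.5.4", "ftp-04": "15.4.2"}
    for f in triage_inventory(sample):
        print(f"{f.host:8} {f.version:8} {f.status:12} {' '.join(f.cves)}")
```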


Instantly Fix Risks with Saner Patch Management

Saner patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here.