Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

The Hacker News by The Hacker News
February 25, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Ravie LakshmananFeb 25, 2026Vulnerability / Windows Security

SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution.

The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below –

  • CVE-2025-40538 – A broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary code as root via domain admin or group admin privileges.
  • CVE-2025-40539 – A type confusion vulnerability that allows an attacker to execute arbitrary native code as root.
  • CVE-2025-40540 – A type confusion vulnerability that allows an attacker to execute arbitrary native code as root.
  • CVE-2025-40541 – An insecure direct object reference (IDOR) vulnerability that allows an attacker to execute native code as root.

SolarWinds noted that the vulnerabilities require administrative privileges for successful exploitation. It also said that they carry a medium security risk on Windows deployments as the services “frequently run under less-privileged service accounts by default.”

The four shortcomings affect SolarWinds Serv-U version 15.5. They have been addressed in SolarWinds Serv-U version 15.5.4.

While SolarWinds makes no mention of the security flaws being exploited in the wild, prior vulnerabilities in the software (CVE-2021-35211, CVE-2021-35247, and CVE-2024-28995) have been exploited by malicious actors, including by a China-based hacking group tracked as Storm-0322 (formerly DEV-0322).



Source link

The Hacker News

The Hacker News

Next Post
UK government commits £483m to Post Office for IT transformation | Computer Weekly

UK government commits £483m to Post Office for IT transformation | Computer Weekly

Recommended.

Splunk Partners Seeing More Opportunities, Channel Resources Amid Ongoing Cisco Integration

Splunk Partners Seeing More Opportunities, Channel Resources Amid Ongoing Cisco Integration

September 12, 2025
MWC Barcelona 2026: ZTE präsentiert Full-Stack KI-Innovationen und gestaltet eine intelligente Zukunft

MWC Barcelona 2026: ZTE präsentiert Full-Stack KI-Innovationen und gestaltet eine intelligente Zukunft

March 9, 2026

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio