—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in SolarWinds Serv-U

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

SolarWinds Serv-U Version 15.5.3 and prior

Overview

Multiple vulnerabilities have been reported in SolarWinds Serv-U which could allow an attacker to execute arbitrary code on the targeted system.

Target Audience:

All organizations and individuals using SolarWinds Serv-U products.

Risk Assessment:

Critical risk of unauthorized administrative access, authentication bypass, privilege escalation, arbitrary code execution and full system compromise.

Impact Assessment:

Potential for arbitrary code execution, system configuration manipulation, data exposure and gaining unauthorized access.

Description

SolarWinds Serv-U is an enterprise-grade managed file transfer (MFT) solution used for secure file exchange across networks.

These vulnerabilities exist in SolarWinds Serv-U due to improper access control and logic handling flaws. An attacker with administrative privileges could exploit these vulnerabilities to execute arbitrary code on the affected system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40538

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40539

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40540

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40541

Vendor Information

SolarWinds

https://www.solarwinds.com/trust-center/security-advisories

References

SolarWinds

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40538

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40539

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40540

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40541

CVE Name

CVE-2025-40538

CVE-2025-40539

CVE-2025-40540

CVE-2025-40541

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmmhmsgACgkQ3jCgcSdc

ys8eQQ/8CIfXxtZcQXxFsI2KAUdXX8BxJzIEyTQT4BecPffOIKJX7e2W/O/WYNOb

DssegWCAjAD44I0GG2JHBSVKDNDKeLM51+3MBZ8jVzZOLMDDEdb4ZbY0LRAKJXVM

DHqLq0ScA7NCke5EeqldowYBaKXWODtDSf20C7bh0umW5499PX1Qb6SmKcmct99e

EnkHO+tT6s/j4eRxtbYkGJI50nr7S3+TjzMF5rvGbJj6Ktw6CjnKefdKy0dwRgnR

uKE1aNF+VmQwQjl4AgcCk3NAmUwcJmrvBPsiQVcJYrzCaSDBomg4JWMdcooCmRUS

U92UqMfj/93vbEOKB+ivmNM+xczCdvkdoNKI6mnG2UacydD7NI8INMF4Knjvg+rk

SJiQ3j/EtELaLynME24N0EUN3SA7cvv0MGsq4jnr5Art3zjzBoqnq/NaX0COXL/W

9QfsjjqEVr984Zz7OUKt0/0GvOarnNu2lmpvAV+7Vnr4LBXQvPwNL9ORsRAwZaIF

DgxSGM6Yx3fChawmC7861jzGGVah4k5sm2f9gNF29sN1IkmyDGRvxtB9jSLvAS8h

to8YHTNLXhRkIzU2k2jmgrhOf7jlKMlFKmfaSGUzR6lHLT6hq6rW5O5GvTjFu/WW

1qVRCaK2AC66B/8QQgFst+uVvf88uQlM/kG2N5xfCdRVC+xvV9U=

=tZYd

—–END PGP SIGNATURE—–