SolarWinds this week announced patches for three critical vulnerabilities present in its Serv-U enterprise file transfer solution.
One of the flaws, tracked as CVE-2025-40549, has been described as a path restriction bypass issue that can be exploited by a threat actor with administrator privileges to execute arbitrary code on a directory.
The vendor noted that on Windows systems the vulnerability has a ‘medium severity’ score due to “differences in how paths and home directories are handled”.
The second vulnerability is CVE-2025-40548, a broken access control issue that can be exploited by an attacker with admin privileges to execute arbitrary code.
The third flaw, CVE-2025-40547, is a logic error that can be exploited for code execution by an attacker with admin permissions.
For both CVE-2025-40547 and CVE-2025-40548, SolarWinds noted that their severity score is ‘medium’ on Windows because services usually run by default under less-privileged accounts.
The three security holes affect SolarWinds Serv-U 15.5.2.2.102 and they have been patched with the release of version 15.5.3.
SolarWinds this week also announced patches for medium-severity open redirection and XSS vulnerabilities in Observability Self-Hosted.
It’s not uncommon for threat actors to exploit SolarWinds product vulnerabilities in their attacks, including Serv-U flaws.
The Known Exploited Vulnerabilities (KEV) catalog maintained by the cybersecurity agency CISA currently includes seven SolarWinds flaws, including ones impacting Web Help Desk, Orion, Virtualization Manager, and Serv-U.
