Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
SolarWinds Fixes Major Flaws in Serv-U Software

SolarWinds Fixes Major Flaws in Serv-U Software

Posted on February 25, 2026 By CWS

SolarWinds has announced the release of updates to rectify four significant security vulnerabilities in its Serv-U file transfer software. These flaws, if exploited, could lead to remote code execution, posing a substantial threat to affected systems. The vulnerabilities in question have been assigned a CVSS score of 9.1, indicating their severity and potential impact on system security.

Details of the Vulnerabilities

The identified vulnerabilities include a broken access control issue, labeled CVE-2025-40538, which permits attackers to create a system admin user and execute arbitrary code with root privileges through domain or group admin access. Additionally, two type confusion vulnerabilities, CVE-2025-40539 and CVE-2025-40540, have been identified, both capable of allowing execution of native code as root. Lastly, an insecure direct object reference vulnerability, CVE-2025-40541, also enables the execution of native code with root privileges.

Impact and Mitigation

SolarWinds has clarified that exploiting these vulnerabilities necessitates administrative privileges, and they present a medium security risk for Windows deployments. This is due to the fact that the services typically operate under less-privileged accounts by default. The vulnerabilities affect Serv-U version 15.5 and have been resolved with the release of version 15.5.4.

Previous Exploitations and Security Measures

While there is no current evidence suggesting these specific flaws have been actively exploited, historical vulnerabilities within the software have been targeted by malicious entities. Notably, past issues like CVE-2021-35211, CVE-2021-35247, and CVE-2024-28995 were exploited by hackers, including a group associated with China, known as Storm-0322. This underscores the importance of promptly applying the latest updates to safeguard systems against potential threats.

In conclusion, the resolution of these vulnerabilities is crucial for maintaining system integrity and protecting against unauthorized code execution. Users of SolarWinds Serv-U are strongly encouraged to upgrade to the latest version to ensure their systems remain secure against these critical threats.

The Hacker News Tags:CVSS, Cybersecurity, Patch, remote code execution, Security, Serv-U, software update, SolarWinds, Vulnerabilities, Windows security

Post navigation

Previous Post: Hackers Exploit Next.js Repositories Targeting Developers
Next Post: AI Vulnerability Tool Disrupts Cybersecurity Market

Related Posts

New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks The Hacker News
Supply Chain Attack Targets TanStack and AI Packages Supply Chain Attack Targets TanStack and AI Packages The Hacker News
Microsoft Addresses Critical SharePoint Security Flaw Microsoft Addresses Critical SharePoint Security Flaw The Hacker News
Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware The Hacker News
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation The Hacker News
HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark