Serv-U broken access control RCE (CVE-2025-40538)
Vulnerability
Summary
CVE-2025-40538 in SolarWinds Serv-U can let attackers with high privileges create a system admin user and execute code as root, putting unpatched servers at risk of full compromise. The flaw is a broken access control issue affecting Serv-U deployments that expose elevated administrative pathways. SolarWinds has already shipped security updates for Serv-U 15.5.4, making patching the immediate priority.
Related Happenings
CISA orders FCEB remediation deadlines for KEV vulnerabilities
Public Sector Action
First: 10.03.2026 08:17
Last: 10.03.2026 08:17
Sources: 1
About this happening:
CISA ordered **FCEB agencies** to patch **SolarWinds Web Help Desk** by **March 12, 2026** and to fix the other two KEV-listed flaws by **March 23, 2026**, tightening remediation...
SolarWinds Web Help Desk (WHD) multi-stage exploitation wave
Exploitation Wave
First: 09.02.2026 16:42
Last: 09.02.2026 16:42
Sources: 1
About this happening:
**SolarWinds Web Help Desk (WHD)** exploitation is a **multi-stage intrusion wave** affecting **internet-exposed WHD instances**. The foothold remains unconfirmed, but the wave is...
Latest development: 10.03.2026 08:17
CISA added CVE-2025-26399 in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation. It noted that Microsoft and Huntress had reported threat actors using SolarWinds Web Help Desk flaws to obtain initial access, attributed the activity to the Warlock ransomware crew, and ordered Federal Civilian Executive Branch (FCEB) agencies to apply the fix by March 12, 2026.
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector Action
First: 04.02.2026 07:50
Last: 04.02.2026 07:50
Sources: 1
About this happening:
**CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
Timeline
- 24.02.2026 15:00 · 2 articles · 3mo ago
SolarWinds releases Serv-U 15.5.4 security updates
Mitigation Patch Update: SolarWinds released security updates for Serv-U 15.5.4 to patch four critical remote code execution vulnerabilities, including CVE-2025-40538. The flaw can let an attacker with high privileges create a system admin user and execute arbitrary code as root or admin on unpatched Windows and Linux servers.
Sources:
- Critical SolarWinds Serv-U flaws offer root access to servers — www.bleepingcomputer.com — 24.02.2026 15:00
- 24.02.2026 15:00 · 1 article · 3mo ago
SolarWinds advisory details CVE-2025-40538 root code execution
Initial Disclosure: SolarWinds described CVE-2025-40538 as a broken access control vulnerability in Serv-U that can let an attacker with domain admin or group admin privileges create a system admin user and execute arbitrary code as root. The same advisory also noted two type confusion flaws and an Insecure Direct Object Reference (IDOR) issue that can be used to gain root-privileged code execution.
Sources:
- Critical SolarWinds Serv-U flaws offer root access to servers — www.bleepingcomputer.com — 24.02.2026 15:00