Serv-U broken access control RCE (CVE-2025-40538)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2025-40538 in SolarWinds Serv-U can let attackers with high privileges create a system admin user and execute code as root, putting unpatched servers at risk of full compromise. The flaw is a broken access control issue affecting Serv-U deployments that expose elevated administrative pathways. SolarWinds has already shipped security updates for Serv-U 15.5.4, making patching the immediate priority.
Related Happenings
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/Mitigation
H score52
First: 06.06.2026 11:14
Last: 06.06.2026 11:14
Sources 1
About this happening:
**SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/MitigationAbout this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
CISA KEV order for SolarWinds Serv-U CVE-2026-28318
Public Sector Action
H score50
First: 06.06.2026 11:14
Last: 06.06.2026 11:14
Sources 1
About this happening:
**CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...
CISA KEV order for SolarWinds Serv-U CVE-2026-28318
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...
SolarWinds Serv-U denial-of-service flaw actively exploited (CVE-2026-28318)
Vulnerability
H score73
First: 05.06.2026 22:15
Last: 05.06.2026 22:15
Sources 1
About this happening:
**CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **Known Exploited Vulnerabilities (KEV) catalog** after evidence of **active exploitation**. The **high-se...
SolarWinds Serv-U denial-of-service flaw actively exploited (CVE-2026-28318)
VulnerabilityAbout this happening: **CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **Known Exploited Vulnerabilities (KEV) catalog** after evidence of **active exploitation**. The **high-se...
CISA orders FCEB remediation deadlines for KEV vulnerabilities
Public Sector Action
H score38
First: 10.03.2026 08:17
Last: 10.03.2026 08:17
Sources 1
About this happening:
CISA ordered **FCEB agencies** to patch **SolarWinds Web Help Desk** by **March 12, 2026** and to fix the other two KEV-listed flaws by **March 23, 2026**, tightening remediation...
CISA orders FCEB remediation deadlines for KEV vulnerabilities
Public Sector ActionAbout this happening: CISA ordered **FCEB agencies** to patch **SolarWinds Web Help Desk** by **March 12, 2026** and to fix the other two KEV-listed flaws by **March 23, 2026**, tightening remediation...
SolarWinds Web Help Desk (WHD) multi-stage exploitation wave
Exploitation Wave
H score44
First: 09.02.2026 16:42
Last: 09.02.2026 16:42
Sources 1
About this happening:
**SolarWinds Web Help Desk (WHD)** exploitation is a **multi-stage intrusion wave** affecting **internet-exposed WHD instances**. The foothold remains unconfirmed, but the wave is...
SolarWinds Web Help Desk (WHD) multi-stage exploitation wave
Exploitation WaveAbout this happening: **SolarWinds Web Help Desk (WHD)** exploitation is a **multi-stage intrusion wave** affecting **internet-exposed WHD instances**. The foothold remains unconfirmed, but the wave is...
Latest development: 10.03.2026 08:17
CISA added CVE-2025-26399 in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation, said Microsoft and Huntress had reported threat actors using SolarWinds Web Help Desk flaws to obtain initial access, attributed the activity to the Warlock ransomware crew, and ordered Federal Civilian Executive Branch (FCEB) agencies to apply the fix by March 12, 2026.
Timeline
-
24.02.2026 15:00 2 articles · 4mo ago
SolarWinds releases Serv-U 15.5.4 security updates
Mitigation Patch UpdateSolarWinds released security updates for Serv-U 15.5.4 to patch four critical remote code execution vulnerabilities, including CVE-2025-40538. The flaw can let an attacker with high privileges create a system admin user and execute arbitrary code as root or admin on unpatched Windows and Linux servers.
Show sources
- Critical SolarWinds Serv-U flaws offer root access to servers — www.bleepingcomputer.com — 24.02.2026 15:00
- Critical SolarWinds Serv-U flaws offer root access to servers — www.bleepingcomputer.com — 24.02.2026 15:00
-
24.02.2026 15:00 1 articles · 4mo ago
SolarWinds advisory details CVE-2025-40538 root code execution
Initial DisclosureSolarWinds described CVE-2025-40538 as a broken access control vulnerability in Serv-U that can let an attacker with domain admin or group admin privileges create a system admin user and execute arbitrary code as root. The same advisory also noted two type confusion flaws and an Insecure Direct Object Reference (IDOR) issue that can be used to gain root-privileged code execution.
Show sources
- Critical SolarWinds Serv-U flaws offer root access to servers — www.bleepingcomputer.com — 24.02.2026 15:00