Find notable cyber news and cases, enriched with sources, timelines, and signals.

Serv-U broken access control RCE (CVE-2025-40538)

Vulnerability
First reported
Last updated
Happening score
H score 56
1 unique sources, 1 articles

Summary

Hide ▲

CVE-2025-40538 in SolarWinds Serv-U can let attackers with high privileges create a system admin user and execute code as root, putting unpatched servers at risk of full compromise. The flaw is a broken access control issue affecting Serv-U deployments that expose elevated administrative pathways. SolarWinds has already shipped security updates for Serv-U 15.5.4, making patching the immediate priority.

Related Happenings

SolarWinds Serv-U advisory and mitigations for CVE-2026-28318

Advisory/Mitigation
H score52 First: 06.06.2026 11:14 Last: 06.06.2026 11:14 Sources 1

About this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...

CISA KEV order for SolarWinds Serv-U CVE-2026-28318

Public Sector Action
H score50 First: 06.06.2026 11:14 Last: 06.06.2026 11:14 Sources 1

About this happening: **CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...

SolarWinds Serv-U denial-of-service flaw actively exploited (CVE-2026-28318)

Vulnerability
H score73 First: 05.06.2026 22:15 Last: 05.06.2026 22:15 Sources 1

About this happening: **CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **Known Exploited Vulnerabilities (KEV) catalog** after evidence of **active exploitation**. The **high-se...

CISA orders FCEB remediation deadlines for KEV vulnerabilities

Public Sector Action
H score38 First: 10.03.2026 08:17 Last: 10.03.2026 08:17 Sources 1

About this happening: CISA ordered **FCEB agencies** to patch **SolarWinds Web Help Desk** by **March 12, 2026** and to fix the other two KEV-listed flaws by **March 23, 2026**, tightening remediation...

SolarWinds Web Help Desk (WHD) multi-stage exploitation wave

Exploitation Wave
H score44 First: 09.02.2026 16:42 Last: 09.02.2026 16:42 Sources 1

About this happening: **SolarWinds Web Help Desk (WHD)** exploitation is a **multi-stage intrusion wave** affecting **internet-exposed WHD instances**. The foothold remains unconfirmed, but the wave is...

Latest development: 10.03.2026 08:17

CISA added CVE-2025-26399 in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation, said Microsoft and Huntress had reported threat actors using SolarWinds Web Help Desk flaws to obtain initial access, attributed the activity to the Warlock ransomware crew, and ordered Federal Civilian Executive Branch (FCEB) agencies to apply the fix by March 12, 2026.

Timeline

  1. 24.02.2026 15:00 2 articles · 4mo ago

    SolarWinds releases Serv-U 15.5.4 security updates

    Mitigation Patch Update

    SolarWinds released security updates for Serv-U 15.5.4 to patch four critical remote code execution vulnerabilities, including CVE-2025-40538. The flaw can let an attacker with high privileges create a system admin user and execute arbitrary code as root or admin on unpatched Windows and Linux servers.

    Show sources
  2. 24.02.2026 15:00 1 articles · 4mo ago

    SolarWinds advisory details CVE-2025-40538 root code execution

    Initial Disclosure

    SolarWinds described CVE-2025-40538 as a broken access control vulnerability in Serv-U that can let an attacker with domain admin or group admin privileges create a system admin user and execute arbitrary code as root. The same advisory also noted two type confusion flaws and an Insecure Direct Object Reference (IDOR) issue that can be used to gain root-privileged code execution.

    Show sources