These flaws, all rated 9.1 on the CVSS scale, stem from issues like broken access control and type confusion, posing severe risks to organizations using the file transfer server.
The update urges immediate patching, especially given SolarWinds’ history with high-profile supply chain attacks.
The most alarming is CVE-2025-40538, a broken access control flaw that lets attackers with domain admin or group admin privileges create a system admin user and run arbitrary code as root.
Similarly, CVE-2025-40539 and CVE-2025-40540 involve type confusion errors, enabling native code execution at the root level without additional privileges.
CVE-2025-40541 is an insecure direct object reference (IDOR) that bypasses authorization checks to execute code as root.
Attackers need authenticated access but could chain these for full compromise, potentially leading to data exfiltration, ransomware deployment, or persistent backdoors.
Exploitation requires domain or group admin rights for some vectors, but the IDOR and type confusion flaws lower the bar.
No public exploits exist yet, but the root-level impact makes these prime targets for advanced persistent threats (APTs) or ransomware operators.
| CVE ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2025-40538 | SolarWinds Serv-U Broken Access Control RCE | Broken access control allows creating system admin user and arbitrary root code execution via domain/group admin privileges. | 9.1 Critical | N/A |
| CVE-2025-40540 | SolarWinds Serv-U Type Confusion RCE | Type confusion enables arbitrary native code execution as root. | 9.1 Critical | N/A |
| CVE-2025-40539 | SolarWinds Serv-U Type Confusion RCE | Type confusion enables arbitrary native code execution as root. | 9.1 Critical | N/A |
| CVE-2025-40541 | SolarWinds Serv-U IDOR RCE | IDOR allows native code execution as root. | 9.1 Critical | N/A |
Serv-U 15.5.4 fixes these CVEs alongside improvements like download history in File Share, time display for last modified dates, and Ubuntu 24.04 LTS support.
Organizations running version 15.5.1 or earlier face end-of-life risk; support for 15.5.1 ends November 18, 2026.
Scan environments with tools such as Nessus or Qualys, revoke excess admin privileges, and monitor logs for suspicious admin-account creation or code execution. SolarWinds credits its internal teams for the discovery; no external researchers are noted.
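As an added illustration of the two checks just described (this is example code written for this article, not SolarWinds tooling), the script below flags Serv-U installs reporting a version below the fixed 15.5.4 release and scans audit events for a domain or group admin creating an account with system-admin scope, which is the privilege escalation path the advisory describes for CVE-2025-40538. The log line format, field names and sample events are constructed for the example; real Serv-U logs differ, so the regex must be adapted to your own export.

```python
"""Added example, not from the article or SolarWinds: version check plus a
simple detector for suspicious admin-account creation in Serv-U audit logs.
The log format below is hypothetical; adapt LINE_RE to your real export."""
import re
from typing import List, Tuple

# Release named in the advisory as fixing the four CVEs.
FIXED_VERSION = (15, 5, 4)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version string such as '15.5.1' into a comparable tuple."""
    return tuple(int(p) for p in text.strip().split("."))


def needs_patch(installed: str) -> bool:
    """True when the installed build is older than the fixed release."""
    return parse_version(installed) < FIXED_VERSION


# Constructed line shape (hypothetical, not Serv-U's real format):
#   <timestamp> actor=<user> role=<role> action=<action> [target=<user>] [scope=<scope>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) actor=(?P<actor>\S+) role=(?P<role>\S+) action=(?P<action>\S+)"
    r"(?: target=(?P<target>\S+))?(?: scope=(?P<scope>\S+))?$"
)

# Constructed sample events for the example.
SAMPLE_LOG = """\
2025-01-01T10:00:00Z actor=alice role=system_admin action=login
2025-01-01T10:05:12Z actor=bob role=domain_admin action=create_user target=svc_backup scope=domain_user
2025-01-01T10:07:45Z actor=bob role=domain_admin action=create_user target=helper scope=system_admin
2025-01-01T10:09:03Z actor=carol role=group_admin action=create_user target=ops2 scope=system_admin
"""

LOWER_PRIV_ADMIN_ROLES = {"domain_admin", "group_admin"}


def find_suspicious_admin_creations(log_text: str) -> List[dict]:
    """Return events where a domain/group admin created a system-admin account.

    A lower-privileged admin minting a system admin is exactly the boundary
    the advisory says CVE-2025-40538 lets an attacker cross, so every such
    event deserves review regardless of whether the server is patched.
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected shape
        ev = m.groupdict()
        if (ev["action"] == "create_user"
                and ev["scope"] == "system_admin"
                and ev["role"] in LOWER_PRIV_ADMIN_ROLES):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ver in ("15.5.1", "15.5.4"):
        print(f"Serv-U {ver}: {'PATCH NEEDED' if needs_patch(ver) else 'fixed build'}")
    for ev in find_suspicious_admin_creations(SAMPLE_LOG):
        print(f"{ev['ts']} {ev['actor']} ({ev['role']}) created system admin {ev['target']}")
```

Run against a real export, the detector should be fed the actual audit format and the role names your deployment uses; the point is the rule (create_user with system-admin scope by a non-system admin), not the sample format.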
The post SolarWinds Serv-U Critical Vulnerabilities Allow Attackers to Gain Root Access appeared first on Cyber Security News.