SolarWinds Product Security Update Advisory

Nov 28 2025

Overview

Solarwinds has released security updates to fix vulnerabilities in Solarwinds products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-40547, CVE-2025-40548, CVE-2025-40549

SolarWinds Serv-U Version: 15.5.2.2.102

Resolved Vulnerabilities

Remote code execution vulnerability in SolarWinds Serv-U (CVE-2025-40547)
Remote code execution vulnerability due to lack of access control validation in SolarWinds Serv-U (CVE-2025-40548)
Path Restriction Bypass Vulnerability in SolarWinds Serv-U (CVE-2025-40549)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-40547, CVE-2025-40548, CVE-2025-40549

SolarWinds Serv-U Version: 15.5.3

References

[1] SolarWinds Serv-U Logic Abuse – Remote Code Execution Vulnerability (CVE-2025-40547)
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40547
[2] SolarWinds Serv-U Broken Access Control – Remote Code Execution Vulnerability (CVE-2025-40548)
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40548
[3] SolarWinds Serv-U Path Restriction Bypass Vulnerability (CVE-2025-40549)
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40549

SolarWinds Product Security Update Advisory

GitLab Product Security Update Advisory (CVE-2025-12571)

GeoServer Security Update Advisory (CVE-2025-58360)

Tags:

GitLab Product Security Update Advisory (CVE-2025-12571)

GeoServer Security Update Advisory (CVE-2025-58360)