SolarWinds Product Security Update Advisory

Overview

SolarWinds has released security updates that address vulnerabilities in its products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541

SolarWinds Serv-U version: 15.5

Resolved Vulnerabilities

Remote code execution vulnerability due to an access control error in SolarWinds Serv-U (CVE-2025-40538)
Remote code execution vulnerability due to type confusion in SolarWinds Serv-U (CVE-2025-40539)
Remote code execution vulnerability due to type confusion in SolarWinds Serv-U (CVE-2025-40540)
Remote code execution vulnerability due to an insecure direct object reference in SolarWinds Serv-U (CVE-2025-40541)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions at the sites listed under References to update to the latest version.

CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541

SolarWinds Serv-U version: 15.5.4

References

[1] SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability (CVE-2025-40538)
https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40538
[2] SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability (CVE-2025-40539)
https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40539
[3] SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability (CVE-2025-40540)
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40540
[4] SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability (CVE-2025-40541)
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40541