AUSTIN / LONDON (IT BOLTWISE) – SolarWinds recently closed three critical vulnerabilities in its Serv-U file transfer solution that could have potentially led to remote code execution. These vulnerabilities, which were discovered in version 15.5.2.2.102, have now been fixed with an update to version 15.5.3.
Today’s daily deals at Amazon! ˗ˋˏ$ˎˊ˗
SolarWinds, a leader in IT management software, recently fixed three critical security vulnerabilities in its Serv-U file transfer solution. These vulnerabilities, identified as CVE-2025-40549, CVE-2025-40548, and CVE-2025-40547, had the potential to allow attackers with administrative privileges to execute remote code. The security holes were discovered in version 15.5.2.2.102 and closed with an update to version 15.5.3.
The first vulnerability, CVE-2025-40549, is a path restriction bypass that allows an attacker to execute code in a directory. This vulnerability requires administrative privileges to be exploited and is rated as moderate on Windows systems because paths and home directories are handled differently.
The second vulnerability, CVE-2025-40548, involves a lack of validation in Serv-U’s access control process. Here too, attackers with administrator rights can execute code. On Windows systems, the risk is rated as medium because services often run under less privileged accounts.
The third vulnerability, CVE-2025-40547, is a logic flaw that also allows arbitrary code execution. SolarWinds has emphasized that the vulnerabilities on Windows systems are of medium severity due to the default use of less privileged accounts.
These vulnerabilities highlight the importance of regular software updates and the need to quickly patch vulnerabilities to prevent potential attacks. Companies using Serv-U are strongly recommended to update to the latest version to protect their systems.
Order an Amazon credit card without an annual fee with a credit limit of 2,000 euros!
Bestseller No. 1 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 2 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 3 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 4 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 5 ᵃ⤻ᶻ “KI Gadgets”
Please send any additions and information to the editorial team by email to de-info[at]it-boltwise.de. Since we cannot rule out AI hallucinations, which rarely occur with AI-generated news and content, we ask you to contact us via email and inform us in the event of false statements or misinformation. Please don’t forget to include the article headline in the email: “SolarWinds fixes critical security vulnerabilities in Serv-U”.