SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution  Ravie Lakshmanan  Feb 25, 2026 Vulnerability / Windows Security SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below - CVE-2025-40538 - A broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary code as root via domain admin or group admin privileges. CVE-2025-40539 - A type confusion vulnerability that allows an attacker to execute arbitrary native code as root. CVE-2025-40540 - A type confusion vulnerability that allows an attacker to execute arbitrary native code as root. CVE-2025-40541 - An insecure direct object reference (IDOR) vulnerability that allows an attacker to execute native code as root. SolarWinds noted that the vulnerabilities require administrative privileges for successful exploitation. It also said that they carry a medium security risk on Windows deployments as the services "frequently run under less-privileged service accounts by default." The four shortcomings affect SolarWinds Serv-U version 15.5. They have been addressed in SolarWinds Serv-U version 15.5.4. While SolarWinds makes no mention of the security flaws being exploited in the wild, prior vulnerabilities in the software ( CVE-2021-35211 , CVE-2021-35247 , and CVE-2024-28995 ) have been exploited by malicious actors, including by a China-based hacking group tracked as Storm-0322 (formerly DEV-0322). Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post. SHARE      Tweet  Share  Share  Share   Share on Facebook  Share on Twitter  Share on Linkedin  Share on Reddit  Share on Hacker News  Share on Email  Share on WhatsApp Share on Facebook Messenger  Share on Telegram SHARE  cybersecurity , remote code execution , Serv-U , SolarWinds , Vulnerability , windows security Trending News OT Security, In Practice: 4 Cross‑Industry Trends from Global Assessments and How CISOs Should Respond Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days and 25+ Stories Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet and AI Malware Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates Popular Resources 100+ Domains Multiply Attack Risk 6× - Download the CTEM Divide Research Boost SOC Efficiency with AI-Guided Triage — Download Investigator Overview Silent Residency Is the New Threat Model — Download the Red Report Exposed Cloud Training Apps Are Letting Hackers In — Download the Research