Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerabilities in SolarWinds Serv-U

26 February 2026

SolarWinds has released security updates to address multiple critical vulnerabilities in SolarWinds Serv-U. Users and administrators of affected products are advised to update to the latest version immediately.

Background

SolarWinds has released security updates addressing multiple critical vulnerabilities (CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541) in SolarWinds Serv-U.

Impact

The vulnerabilities are:

  • CVE-2025-40538: Successful exploitation of this vulnerability potentially allows an authenticated attacker with administrative privileges to execute arbitrary code as a privileged account via domain admin or group admin privileges.

  • CVE-2025-40539, CVE-2025-40540 & CVE-2025-40541: Successful exploitation of this vulnerability potentially allows an attacker with administrative privileges to execute arbitrary code as a privileged account.

Affected Products

The vulnerabilities affect SolarWinds Serv-U versions prior to 15.5.4.

Recommendation

Users and administrators of affected products are advised to update to the latest version immediately.

References

https://www.bleepingcomputer.com/news/security/critical-solarwinds-serv-u-flaws-offer-root-access-to-servers/

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40538

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40539

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40540

https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40541

Back to top