Critical Vulnerabilities in SolarWinds Serv-U
26 February 2026
SolarWinds has released security updates to address multiple critical vulnerabilities in SolarWinds Serv-U. Users and administrators of affected products are advised to update to the latest version immediately.
Background
SolarWinds has released security updates addressing multiple critical vulnerabilities (CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541) in SolarWinds Serv-U.
Impact
The vulnerabilities are:
CVE-2025-40538: Successful exploitation of this vulnerability potentially allows an authenticated attacker with administrative privileges to execute arbitrary code as a privileged account via domain admin or group admin privileges.
CVE-2025-40539, CVE-2025-40540 & CVE-2025-40541: Successful exploitation of this vulnerability potentially allows an attacker with administrative privileges to execute arbitrary code as a privileged account.
Affected Products
The vulnerabilities affect SolarWinds Serv-U versions prior to 15.5.4.
Recommendation
Users and administrators of affected products are advised to update to the latest version immediately.
References
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40538
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40539
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40540
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40541
