New vulnerabilities in SolarWinds Serv-U pose serious risks by allowing attackers to gain full control of the system. SolarWinds has revealed four critical Remote Code Execution (RCE) flaws, each with a CVSS score of 9.1.
The vulnerabilities in Serv-U 15.5.4 include Broken Access Control, Type Confusion, and Insecure Direct Object Reference (IDOR). If exploited, these flaws allow attackers to execute arbitrary code as the root user.
CVE-2025-40538 is a serious vulnerability due to broken access control, enabling attackers to gain complete control of the system.
According to the release notes, “A broken access control vulnerability exists in Serv-U which, when exploited, gives an attacker the ability to create a system admin user and execute arbitrary code as root via domain admin or group admin privileges.”
By allowing an attacker to artificially mint their own system administrator credentials, this flaw bypasses traditional perimeter defenses and grants persistent, highly privileged access.
The remaining three vulnerabilities are equally critical, offering alternative routes to root-level remote code execution:
CVE-2025-40539 & CVE-2025-40540 (Type Confusion): Two vulnerabilities arise from memory safety issues. If exploited, they can let an attacker manipulate memory management to run arbitrary code as root.
CVE-2025-40541 (IDOR): An Insecure Direct Object Reference (IDOR) vulnerability normally allows unauthorized access to data. In Serv-U's case, this flaw goes further and can lead to remote code execution with root privileges.
Managed file transfer (MFT) solutions like Serv-U are often directly accessible on the public internet for external file sharing, making them attractive targets for initial access brokers and ransomware attackers.
SolarWinds Serv-U 15.5.4 addresses four critical CVEs. Administrators should update immediately to prevent unauthorized root access.