Security Vulnerabilities: Solarwinds Platform and Serv-U Susceptible to Attacks
Attackers can target Solarwinds' network monitoring solution Platform and the file transfer software Serv-U.
(Image: Alfa Photo/Shutterstock.com)
If attackers can overcome a specific hurdle, systems with Serv-U can be compromised through malware attacks. Solarwinds Platform is also vulnerable. Security patches are available for both products from the software manufacturer. There are no reports of attacks yet.
Securing Systems
In a warning message about three “critical” vulnerabilities (CVE-202540547, CVE-202540548, CVE-202540549), the developers state that attackers could push and execute malware on PCs. However, this only works if attackers already have administrative rights. Such a prerequisite is actually untypical for a critical classification.
From the description of the vulnerability, it is evident that the risk is considered “medium” under Windows because services in this case typically run with lower user privileges. The developers assure that the security issues in Serv-U MFT and Serv-U FTP Server 15.5.3 have been resolved.
Videos by heise
In Solarwinds Platform 2025.4.1, the developers have closed a total of eight vulnerabilities. The majority are classified with the threat level “medium.” If attackers successfully exploit a vulnerability classified as “high” (CVE-2025-47072), they can trigger software crashes via a DoS attack.
(des)
