ALL POSTS

Key Findings SolarWinds has patched four critical vulnerabilities in its Serv-U file transfer server software The flaws could allow remote code execution and give attackers full root access on unpatched systems The vulnerabilities include: CVE-2025-40538: Broken access control flaw allowing creation of admin user and arbitrary code execution as root CVE-2025-40539 and CVE-2025-40540: Type confusion vulnerabilities enabling arbitrary native code execution as root CVE-2025-4054

Key Findings SolarWinds has released security updates to address six vulnerabilities in their Web Help Desk product, including four critical flaws. The four critical vulnerabilities could be exploited without authentication to achieve remote code execution (RCE) or bypass authentication: CVE-2025-40551 (CVSS 9.8) - Unauthenticated RCE via deserialization of untrusted data CVE-2025-40552 (CVSS 9.8) - Authentication bypass to execute actions and methods CVE-2025-40553 (CVSS 9.8

Key Findings The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer Timothy G. Brown. The SEC alleged in 2023 that SolarWinds and Brown had misled investors about the security practices that led to the 2020 supply chain attack, which was attributed to a Russian state-sponsored threat actor. However, in July 2024, many of these allegations were thrown out by the U.S. District Court for the South