T
TraceWithin

Solarwinds Vulnerabilities

Comprehensive security vulnerability database for Solarwinds products

Last updated: Feb 24, 2026
Total CVEs

4

Critical

1

With Exploits

4

Last 30 Days

0

Severity Distribution

Critical1
25%
High4
100%
Medium0
0%
Low0
0%
AllCriticalHighMediumLow
DescriptionVendor / ProductExploit Status
CVE-2025-405417.2

This vulnerability allows an attacker to run harmful code on the system as a privileged user, potentially taking full control of the Serv-U software. However, the attacker must already have administrative access to exploit this weakness, which makes it less risky on Windows systems where services typically run with lower privileges.

solarwindsserv-u
Exploit Available
about 1 month agoFeb 24, 2026
CVE-2025-405407.2

This vulnerability allows an attacker to run any code they choose with high-level permissions on the affected system. However, they need to have administrative access to exploit it, which makes it less risky on Windows systems where services often run with lower privileges by default.

solarwindsserv-u
Theoretical
about 1 month agoFeb 24, 2026
CVE-2025-405397.2

This vulnerability allows an attacker to run any code they choose with high-level privileges on the affected system. However, they need to have administrative access to exploit it, which makes it less risky on Windows systems where services often run with lower privileges by default.

solarwindsserv-u
Exploit Available
about 1 month agoFeb 24, 2026
CVE-2025-405387.2

This vulnerability allows an attacker with administrative privileges to create a system admin user and run any code they want with high-level permissions. While it poses a significant risk, it can only be exploited by someone who already has admin access to the system.

solarwindsserv-u
Exploit Available
about 1 month agoFeb 24, 2026

About Solarwinds Security

This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Solarwinds products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.

Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.