SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)

SolarWinds has fixed a high-severity vulnerability affecting its Serv-U managed file transfer server solution, which could be exploited by unauthenticated attackers to access sensitive files on the host machine.
Serv-U MFT Server is a widely used enterprise solution that provides secure file transfer and file sharing hosted on Windows and Linux machines.
Discovered and reported by Hussein Daher, CVE-2024-28995 is a directory traversal vulnerability that affects SolarWinds Serv-U 15.4.2 HF 1 and previous versions.
Directory traversal vulnerabilities allow attackers to access directories and files outside the server's root directory.
SolarWinds fixed the flaw by releasing Serv-U 15.4.2 Hotfix 2, which is suitable for both Windows and Linux OSes, the company says.
There is no mention of the bug being actively exploited, but attackers have been known to leverage Serv-U vulnerabilities.
News URL
https://www.helpnetsecurity.com/2024/06/07/cve-2024-28995/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-06 | CVE-2024-28995 | Unspecified vulnerability in Solarwinds Serv-U SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. | 7.5 |