腾讯网

SolarWinds四个关键漏洞可获取root权限,需立即修复

如果您正在使用SolarWinds的Serv-U软件,应该立即进行补丁更新。该文件传输软件中发现了四个关键漏洞,攻击者可利用这些漏洞以root权限执行代码。 这四个漏洞的CVSS评分均为9.1分,包括一个访问控制漏洞(CVE-2025-40538)、两个类型混淆漏洞(CVE-2025-40540和CVE-2025-40539)以及一个不安全直接对象引用(IDOR)问题(CVE-2025-40541 ...
腾讯网

SolarWinds服务漏洞遭大范围攻击,已列入美国重点监控清单

SolarWinds Web Help Desk服务中的一个严重漏洞已被美国网络安全和基础设施安全局(Cisa)添加到已知利用漏洞(KEV)目录中,该漏洞正在野外被广泛利用。 CVE-2025-40551是SolarWinds在1月底公告中披露的六个常见漏洞和暴露(CVE)之一。该漏洞源于通用弱点枚举(CWE)502 ...
Bleeping Computer

SolarWinds fixes critical RCE bug affecting all Web Help Desk versions

A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security ...
Bleeping Computer

SolarWinds warns of attacks targeting Web Help Desk instances

SolarWinds warned customers of attacks targeting Internet-exposed Web Help Desk (WHD) instances and advised removing them from publicly accessible infrastructure (likely to prevent the exploitation of ...
CSOonline

SolarWinds fixes critical developer oversight

SolarWinds has issued a hotfix to patch up a security oversight that could allow remote access to sensitive credentials hardcoded in its Web Help Desk (WHD) product. The vulnerability, tracked as ...