SolarWinds Serv-U Path/Directory Traversal Vulnerability...

SolarWinds Serv-U Path/Directory Traversal Vulnerability Exploited (CVE-2024-28995)

On June 18, researchers at GreyNoise confirmed in-the-wild exploitation of a high-severity vulnerability in SolarWinds Serv-U FTP and MFT:

CVE-2024-28995

The flaw was first disclosed as part of an advisory on June 5. Following the publication technical details and proof-of-concept exploit code, exploitation has now been observed.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

SolarWinds Serv-U Path/Directory Traversal Vulnerability...

Recent Discussions

FAQ on Exploited Zero-Day Flaws in Cisco ASA and FTD Devices (CVE-2025-20333, CVE-2025-20362)

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Americas

Europe

Asia / Australia