SEM 2025.4 release notes
Release date: October 14, 2025
Here's what's new in Security Event Manager 2025.4.
Learn more
- See the SEM release notes aggregator to view release notes for multiple versions of SEM on a single page.
- See SEM 2025.4 system requirements to learn about prerequisites for running and installing SEM 2025.4.
- See the SEM 2025.4 Administrator Guide to learn how to work with SEM.
New features and improvements in SEM
Last updated:
Multiple dashboard support
SEM added the ability to create and manage multiple dashboards, offering greater flexibility, personalization, and collaboration. You can create, manage, and share dashboards tailored to your specific needs.
For more information, see Manage multiple SEM dashboards.
Additional improvements
- Updated Java to version 17.0.16.
- Agent installer is now supported on Windows Server 2025.
- Updated to the following versions:
- Spring Framework 6.2.11
- Spring Security 6.5.5
- Apache Tomcat 11.0.10 and 9.0.108
Third-party CVEs
| CVE-ID | Vulnerability title | Description | Severity |
|---|---|---|---|
| CVE-2024-38820 | Spring Framework DataBinder Case Sensitive Match Exception | An improper locale vulnerability has been identified in Spring Framework, which could potentially result in fields not being protected as expected. | 3.1 Low |
| CVE-2024-38816 | Path traversal vulnerability in functional web frameworks | Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. | 7.5 High |
| CVE-2024-38819 | Path traversal vulnerability in functional web frameworks (2nd report) | Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. | 7.5 High |
| CVE-2024-38829 | Spring LDAP sensitive data exposure for case-sensitive comparisons | A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820 | 3.7 Low |
| CVE-2024-38808 | Spring Expression DoS Vulnerability | In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions. | 4.3 Medium |
| CVE-2024-38809 | Spring Framework DoS via conditional HTTP request | Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. | 5.3 Medium |
| CVE-2024-38828 | DoS via Spring MVC controller method with byte[] parameter | Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack. | 5.3 Medium |
Operating System Security Updates
| Title | Description |
|---|---|
| Debian Security Advisory DSA-6009-1 | https://lists.debian.org/debian-security-announce/2025/msg00173.html |
| Debian Security Advisory DSA-5990-1 | https://lists.debian.org/debian-security-announce/2025/msg00154.html |
| Debian Security Advisory DSA-5979-1 | https://lists.debian.org/debian-security-announce/2025/msg00143.html |
| Debian Security Advisory DSA-5973-1 | https://lists.debian.org/debian-security-announce/2025/msg00137.html |
| Debian Security Advisory DSA-5962-1 | https://lists.debian.org/debian-security-announce/2025/msg00126.html |
| Debian Security Advisory DSA-5951-1 | https://lists.debian.org/debian-security-announce/2025/msg00115.html |
| Debian Security Advisory DSA-5954-1 | https://lists.debian.org/debian-security-announce/2025/msg00118.html |
| Debian Security Advisory DSA-5949-1 | https://lists.debian.org/debian-security-announce/2025/msg00113.html |
| Debian Security Advisory DSA-5949-1 | https://lists.debian.org/debian-security-announce/2025/msg00113.html |
Fixes
Last updated:
| Case number | Description |
|---|---|
| 01999845 |
Windows Server 2025 does not return an error when installing the agent. |
| 01813213 |
By default, only SNMPv3 is enabled. |
| 01744251 |
Registry key path is not truncated when saved. |
| N/A |
Offline license works with the use of new resetlicense cmc command. |
| 01934896, 01537327, 01459148, 01416087, 01378120, 01373008, 01373573, 01366691, 01291452, 01058845, 00984012, 00654363 |
Custom SAN names are allowed during Tomcat CSR generation and signed certificate import. |
| 01887016 |
After login is user redirected to SEM dashboard, can use historical search and create reports. |
| N/A |
TLS hostname validation is performed when LEM communicates with AD/LDAP server (both new authentication code and the legacy connector used for AD groups). |
Known issues
Last updated:
Edit and Remove option Not Visible on Empty Table Widget Without Refreshing
When attempting to edit a dashboard, the Edit and Remove options are not available for empty table widgets.
Workaround: Refresh the page and the Edit and Remove options should be visible.
No macOS agent
Currently, there is no macOS agent.
Workaround: Forward all syslogs from the macOS system.
Imported dashboard not listed
After importing a new dashboard, the dashboard is not immediately visible in the drop-down list of dashboards.
Workaround: Refresh the page.
End of life
Last updated:
| Version | EoL announcement | EoE effective date | EoL effective date |
|---|---|---|---|
| 2024.2 | October 16, 2024: End-of-Life (EoL) announcement – Customers on SEM version 2024.2 or earlier should begin transitioning to the latest version of SEM. | April 15, 2025: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM version 2024.2 or earlier will no longer actively be supported by SolarWinds. | October 16, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2024.2. |
| 2023.4.1 | October 16, 2024: End-of-Life (EoL) announcement – Customers on SEM version 2023.4.1 or earlier should begin transitioning to the latest version of SEM. | April 15, 2025: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM version 2023.4.1 or earlier will no longer actively be supported by SolarWinds. | October 16, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2023.4.1. |
| 2023.4 | October 16, 2024: End-of-Life (EoL) announcement – Customers on SEM version 2023.4 or earlier should begin transitioning to the latest version of SEM. | April 15, 2025: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM version 2023.4 or earlier will no longer actively be supported by SolarWinds. | October 16, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2023.4. |
| 2023.2.1 | October 16, 2024: End-of-Life (EoL) announcement – Customers on SEM version 2023.2.1 or earlier should begin transitioning to the latest version of SEM. | April 15, 2025: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM version 2023.2.1 or earlier will no longer actively be supported by SolarWinds. | October 16, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2023.2.1. |
| 2023.2 | April 17, 2024: End-of-Life (EoL) announcement – Customers on SEM version 2023.2 or earlier should begin transitioning to the latest version of SEM. | November 1, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM version 2023.2 or earlier will no longer actively be supported by SolarWinds. | April 17, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2023.2. |
See the End of Life Policy for information about SolarWinds product life cycle phases. To see EoL dates for earlier SEM versions, see SEM release history.
Deprecation notice
Last updated:
The following platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features.
| Type | Details |
|---|---|
| Operating Systems |
As of SEM 2025.4, SolarWinds will no longer provide SEM agents for these operating systems because they do not support Java 17.
|
Legal notices
© 2025 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.