Serv-U 15.5.4 release notes
Release date: February 24, 2026
Here's what's new in Serv-U 15.5.4. You can find the applicable system requirements here.
To view release notes, system requirements, and product guide PDFs for supported versions of Serv-U, see Serv-U previous versions. To view release notes for multiple versions
New features and improvements in Serv-U
Last updated:
Download history now available in File Share
Serv-U has reintroduced the download history that was formerly available in the old Web Client prior to Serv-U 15.5.2.
Time display now included with 'Last Modified' date in File Share
'Time’ is now included with the ‘Last Modified’ date in File Share, as it was in the old Web Client prior to Serv-U 15.5.2, bringing additional feature parity between the old and current Web Client.
Support for Ubuntu 24.04 LTS
Serv-U supports Ubuntu 24.04 LTS.
General improvements
- Security improvements
- Functionality fixes
Fixed CVEs
At SolarWinds, we prioritize the swift resolution of CVEs to ensure the security and integrity of our software. In this release, we have successfully addressed the following CVEs.
SolarWinds CVEs
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
| CVE-ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2025-40538 | SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability | A broken access control vulnerability exists in Serv-U which, when exploited, gives an attacker the ability to create a system admin user and execute arbitrary code as root via domain admin or group admin privileges. | 9.1 Critical | N/A |
| CVE-2025-40540 | SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability | A type confusion vulnerability exists in Serv-U which, when exploited, gives an attacker the ability to execute arbitrary native code as root. | 9.1 Critical | N/A |
| CVE-2025-40539 | SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability | A type confusion vulnerability exists in Serv-U which, when exploited, gives an attacker the ability to execute arbitrary native code as root. | 9.1 Critical | N/A |
| CVE-2025-40541 | SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability | An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U which, when exploited, gives an attacker the ability to execute native code as root. | 9.1 Critical | N/A |
Fixed customer issues
| Case number | Description |
|---|---|
| 02030241 | Serv-U correctly differentiates LDAP and Windows groups selected for deletion. |
| 01930695 01718508 01841022 01823219 01900982 01930695 | The legacy login page contains the frame-ancestors: none directive in its content security policy (CSP) configuration to prevent the Serv-U legacy login page from being embedded in either the same or different applications. |
| N/A | Default values are correctly applied during domain creation, improving security consistency and user experience. |
| N/A | File share search result UI displays as expected. |
Installation or upgrade
For new installations, you can download the installation file from the Serv-U product page on https://www.solarwinds.com or from the Customer Portal. For more information, see Install the SolarWinds Serv-U File Server.
For more information about upgrades, see Upgrade Serv-U File Server.
End of life
| Version | EoL announcement | EoE effective date | EoL effective date |
|---|---|---|---|
| 15.5.1 | November 18, 2025: End-of-Life (EoL) announcement – Customers on Serv-U version 15.5.1 or earlier should begin transitioning to the latest version of Serv-U. | February 18, 2026: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U version 15.5.1 or earlier will no longer actively be supported by SolarWinds. | November 18, 2026: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U version 15.5.1. |
| 15.5 | July 8, 2025: End-of-Life (EoL) announcement – Customers on Serv-U version 15.5 or earlier should begin transitioning to the latest version of Serv-U. | October 8, 2025: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U version 15.5 or earlier will no longer actively be supported by SolarWinds. | October 8, 2026: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U version 15.5. |
| 15.4.2 | April 15, 2025: End-of-Life (EoL) announcement – Customers on Serv-U version 15.4.2 or earlier should begin transitioning to the latest version of Serv-U. | July 15, 2025: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for Serv-U version 15.4.2 or earlier will no longer actively be supported by SolarWinds. | July 15, 2026: End-of-Life (EoL) – SolarWinds will no longer provide technical support for Serv-U version 15.4.2. |
See the End of Life Policy for information about SolarWinds product life cycle phases. To see EoL dates for earlier Serv-U versions, see Serv-U release history.
Legal notices
© 2026 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.