CVE-2026-28318
SolarWinds · Serv-U
SolarWinds Serv-U is vulnerable to an uncontrolled resource consumption flaw allowing unauthenticated attackers to crash the service via specially crafted POST requests.
Executive summary
This critical vulnerability in SolarWinds Serv-U is currently being exploited in the wild and requires immediate attention to prevent service disruption.
Vulnerability
This is an uncontrolled resource consumption vulnerability triggered by sending a specially crafted POST request using the "Content-Encoding: deflate" header. The attack is unauthenticated and requires zero user interaction to successfully crash the Serv-U service.
Business impact
With a CVSS score of 9.5, this vulnerability represents a severe risk to operational continuity. While the impact is limited to denial of service, the confirmed active exploitation in the wild and inclusion in the CISA KEV catalog elevate the urgency for remediation to prevent unauthorized service outages and potential operational downtime.
Remediation
Immediate Action: Update the affected software to version 15.5.4 HF1 as specified by the vendor's security advisory.
Proactive Monitoring: Monitor server logs and resource utilization metrics for sudden spikes in CPU or memory consumption associated with malformed POST requests.
Compensating Controls: Deploy a Web Application Firewall (WAF) to inspect and filter incoming traffic, specifically blocking requests containing suspicious "Content-Encoding: deflate" headers.
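As an added defender-side illustration of the log-monitoring recommendation above (example code, not from the advisory or from SolarWinds): it assumes a constructed log format in which the request's Content-Encoding header is recorded alongside the response status, and flags clients that burst deflate-encoded POSTs that coincide with 5xx responses.

```python
import re
from collections import defaultdict

# Constructed log format for this example (assumption: not Serv-U's native format):
# <epoch_seconds> <client_ip> <method> <path> <status> "<Content-Encoding header or ->"
LOG_LINE = re.compile(
    r'^(?P<ts>\d+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) '
    r'(?P<status>\d{3}) "(?P<encoding>[^"]*)"$'
)

# Constructed sample lines: one client repeats deflate-encoded POSTs that end in 5xx.
SAMPLE_LOG = """\
1700000000 203.0.113.5 POST /api/upload 200 "-"
1700000001 198.51.100.7 POST /api/upload 500 "deflate"
1700000002 198.51.100.7 POST /api/upload 500 "deflate"
1700000003 192.0.2.9 GET /index.html 200 "-"
1700000004 198.51.100.7 POST /api/upload 503 "deflate"
1700000200 203.0.113.5 POST /api/upload 200 "deflate"
"""

def parse_line(line):
    m = LOG_LINE.match(line.strip())
    return m.groupdict() if m else None

def deflate_posts(log_text):
    """Group (timestamp, status) of every POST carrying Content-Encoding: deflate by client IP."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["encoding"].strip().lower() == "deflate":
            events[rec["ip"]].append((int(rec["ts"]), int(rec["status"])))
    return events

def flag_sources(log_text, threshold=3, window=60):
    """Return {ip: (hits, server_errors)} for IPs sending >= threshold deflate POSTs within any
    sliding `window` seconds; server_errors counts 5xx responses, the outage signal to watch."""
    flagged = {}
    for ip, evs in deflate_posts(log_text).items():
        evs.sort()
        for i in range(len(evs) - threshold + 1):
            if evs[i + threshold - 1][0] - evs[i][0] <= window:
                errors = sum(1 for _, st in evs if 500 <= st < 600)
                flagged[ip] = (len(evs), errors)
                break
    return flagged

if __name__ == "__main__":
    for ip, (hits, errs) in flag_sources(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {hits} deflate POSTs, {errs} server errors")
```

A single deflate-encoded POST is legitimate traffic for many clients, so the burst threshold and the 5xx correlation are what keep this from alerting on every compressed upload.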
Exploitation status
Public Exploit Available: True
Analyst recommendation
Given the critical CVSS severity and confirmed active exploitation, organizations must prioritize patching SolarWinds Serv-U to version 15.5.4 HF1. Failure to apply this update leaves the environment vulnerable to trivial denial-of-service attacks by unauthenticated remote actors.