SolarWinds Serv-U (CVE-2024-28995) exploitation: We see you!
ID: f7ed0bc8-b155-5ced-8111-43861079bc6d
STIX ID: report--f7ed0bc8-b155-5ced-8111-43861079bc6d
Feed Name: GreyNoise Labs
SolarWinds disclosed CVE-2024-28995, a path-traversal flaw in Serv-U that permits unauthenticated arbitrary file reads. The author deployed a honeypot mimicking Serv-U and captured multiple exploitation attempts; example payloads request files such as /etc/passwd, win.ini, and Serv-U logs. The captured activity includes traffic matching public scanners and one sequence consistent with a human operator. The report catalogs payload variants, offending IPs, and behavior observations, and concludes that active experimentation is under way in the wild, though no RCE was demonstrated.
