Platform
windows
Component
serv-u
Fixed in
15.5.3
CVE-2025-40548 describes a Remote Code Execution (RCE) vulnerability within SolarWinds Serv-U. This flaw allows a malicious actor with administrative privileges to execute arbitrary code on the affected system. The vulnerability impacts versions of Serv-U up to and including 15.5.2. A patch is available in version 15.5.3.
Successful exploitation of CVE-2025-40548 grants an attacker complete control over the affected system. An attacker with administrative privileges can execute arbitrary code, potentially leading to data exfiltration, system compromise, and lateral movement within the network. The impact is particularly severe given Serv-U's role in file transfer and potential access to sensitive data. While the Windows default service account configuration mitigates the risk slightly, administrative access remains a critical concern. This vulnerability could be leveraged to install malware, create backdoors, or disrupt operations.
CVE-2025-40548 was published on 2025-11-18. Public proof-of-concept code is currently unavailable, but the CRITICAL CVSS score and the potential for RCE suggest a high likelihood of exploitation. The vulnerability has been added to the CISA KEV catalog, indicating a significant risk to federal civilian agencies. Active campaigns targeting Serv-U are not currently confirmed, but the ease of exploitation once a PoC is released warrants close monitoring.
Exploit Status
EPSS
0.07% (22% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-40548 is to upgrade to SolarWinds Serv-U version 15.5.3 or later. If an immediate upgrade is not feasible, consider restricting administrative access to Serv-U and implementing strict network segmentation to limit the potential blast radius. Review Serv-U's configuration to ensure it adheres to the principle of least privilege. While a direct WAF rule is unlikely to be effective, monitoring network traffic for suspicious connections to Serv-U on unusual ports could provide early detection. After upgrading, confirm the fix by attempting to trigger the vulnerable functionality and verifying that it is no longer exploitable.
Update SolarWinds Serv-U to version 15.5.3 or later. This update corrects the remote code execution vulnerability caused by a broken access control. The update is available on the SolarWinds website.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-40548 is a critical Remote Code Execution vulnerability in SolarWinds Serv-U versions up to 15.5.2. It allows attackers with admin privileges to execute code on the system.
You are affected if you are running SolarWinds Serv-U versions 15.5.2 or earlier. Upgrade to 15.5.3 or later to mitigate the risk.
Upgrade to SolarWinds Serv-U version 15.5.3 or later. If immediate upgrade is not possible, restrict administrative access and implement network segmentation.
Active exploitation is not currently confirmed, but the high CVSS score and potential for RCE suggest a high likelihood of exploitation. Monitor for suspicious activity.
Refer to the official SolarWinds security advisory for detailed information and updates: [https://www.solarwinds.com/securityadvisories](https://www.solarwinds.com/securityadvisories)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.