Platform
windows
Component
serv-u
Fixed in
15.5.3
CVE-2025-40549 describes a Path Restriction Bypass vulnerability found in SolarWinds Serv-U. Successful exploitation could allow a malicious actor with administrative privileges to execute code on a directory, potentially leading to complete system compromise. This vulnerability affects versions of Serv-U up to and including 15.5.2. A patch is available in version 15.5.3.
The Path Restriction Bypass vulnerability in Serv-U presents a significant risk. An attacker with administrative access can leverage this flaw to execute arbitrary code within the Serv-U installation directory. This could involve installing malware, stealing sensitive data (such as FTP credentials or transferred files), or establishing a persistent backdoor. The ability to execute code grants a high degree of control over the affected system, potentially allowing for lateral movement within the network if the compromised Serv-U server has access to other resources. While the vulnerability scores as medium due to Windows path handling, the potential for code execution remains critical.
CVE-2025-40549 was published on 2025-11-18. Currently, there are no publicly available proof-of-concept exploits. The vulnerability has been added to the CISA KEV catalog, indicating a medium probability of exploitation. Monitor security advisories and threat intelligence feeds for any signs of active exploitation campaigns targeting Serv-U.
Exploit Status
EPSS
0.26% (49% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-40549 is to upgrade to SolarWinds Serv-U version 15.5.3 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. Restrict administrative access to the Serv-U server to only trusted users. Review and harden file permissions within the Serv-U installation directory to limit the potential impact of code execution. Implement network segmentation to isolate the Serv-U server from critical network resources. After upgrading, verify the fix by attempting to access restricted directories with an administrative account and confirming that access is denied.
Actualice SolarWinds Serv-U a la versión 15.5.3 o posterior. Esta actualización corrige la vulnerabilidad de omisión de restricción de ruta. La actualización se puede descargar desde el sitio web de SolarWinds.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-40549 is a critical vulnerability in SolarWinds Serv-U that allows attackers with admin privileges to execute code. It affects versions up to 15.5.2 and has a CVSS score of 9.1.
You are affected if you are running SolarWinds Serv-U versions 15.5.2 or earlier. Check your version and upgrade immediately.
Upgrade to SolarWinds Serv-U version 15.5.3 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting admin access.
Currently, there are no publicly known active exploitation campaigns, but the vulnerability has been added to the CISA KEV catalog, indicating a potential risk.
Refer to the official SolarWinds Serv-U security advisory on their website for detailed information and updates regarding CVE-2025-40549.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.