Platform
windows
Component
serv-u
Fixed in
15.5.4
CVE-2025-40538 describes a broken access control vulnerability within SolarWinds Serv-U. Successful exploitation allows a malicious actor to create a system administrator user and execute arbitrary code, potentially gaining privileged access to the system. This vulnerability affects versions of Serv-U up to and including 15.5.3, and a patch is available in version 15.5.4.
The impact of CVE-2025-40538 is significant due to the potential for remote code execution with elevated privileges. An attacker could leverage this vulnerability to gain complete control over the affected Serv-U server, including access to sensitive data stored within the system. This could involve data exfiltration, modification of files, or installation of malware. On Windows deployments, while services often run with limited privileges by default, the ability to escalate to a system admin account represents a serious risk. The vulnerability's ease of exploitation, combined with the potential for privilege escalation, makes it a high-priority target for attackers.
CVE-2025-40538 was published on 2026-02-24. Public proof-of-concept exploits are currently unknown, but the vulnerability's severity and ease of exploitation suggest a high probability of exploitation. The vulnerability is not currently listed on the CISA KEV catalog. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Organizations utilizing SolarWinds Serv-U for file sharing, particularly those with legacy configurations or those running older versions (≤ 15.5.3), are at significant risk. Shared hosting environments where multiple users share a single Serv-U instance are also particularly vulnerable, as a compromise of one user account could potentially lead to the compromise of the entire server.
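• windows / supply-chain:
# Account the Serv-U service runs as (StartName is a Win32_Service property)
Get-CimInstance Win32_Service -Filter "Name='ServU'" | Select-Object -ExpandProperty StartName
• windows / supply-chain:
# Ten most recent failed logons (Security event 4625)
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} -MaxEvents 10 | Select-Object -Property TimeCreated, Message
• windows / supply-chain:
# Scheduled tasks whose name starts with "ServU"
Get-ScheduledTask | Where-Object {$_.TaskName -like "ServU*"}
disclosure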
Exploit Status
EPSS
0.04% (percentile 11%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-40538 is to upgrade SolarWinds Serv-U to version 15.5.4 or later. Prior to upgrading, it is highly recommended to create a full backup of the Serv-U database and configuration files. If an immediate upgrade is not feasible, consider implementing stricter access controls within Serv-U, limiting the privileges of user accounts and restricting access to sensitive resources. While not a complete solution, enabling auditing and monitoring of Serv-U activity can help detect suspicious behavior. After upgrading, verify the fix by attempting to create a new user with administrative privileges through the Serv-U interface; this should be prevented.
Update SolarWinds Serv-U to version 15.5.4 or later. The update fixes the access control vulnerability that allows remote code execution. See the release notes for more details on the update.
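To confirm whether a host still runs an affected build before and after the upgrade, the following PowerShell is an added example, not code from SolarWinds or from this page. It assumes the service name `ServU` used in the checks above, and that the version resource of the service executable reflects the Serv-U release number.

```powershell
# Added example: triage one host for exposure to CVE-2025-40538.
# Assumption: the Windows service is named "ServU", as in the checks on this page.
$ServiceName  = 'ServU'
$FixedVersion = [version]'15.5.4'   # first fixed release according to this page

function Test-ServUAffected {
    param([Parameter(Mandatory)][string]$ProductVersion)
    # Keep only the leading dotted-number part, e.g. "15.5.3.123 (x64)" -> "15.5.3.123"
    if ($ProductVersion -notmatch '^\s*(\d+(\.\d+){1,3})') {
        throw "Unparseable version string: '$ProductVersion'"
    }
    $v = [version]$Matches[1]
    # Compare major.minor.build only, so that 15.5.4.x counts as fixed
    $build = [math]::Max($v.Build, 0)
    return ([version]::new($v.Major, $v.Minor, $build) -lt $FixedVersion)
}

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    Write-Warning "Service '$ServiceName' not found on this host."
}
elseif ($svc.PathName -notmatch '^"?(.+?\.exe)') {
    Write-Warning "Could not extract an executable path from: $($svc.PathName)"
}
else {
    # PathName may be quoted and may carry arguments; $Matches[1] is the .exe path
    $exe = $Matches[1]
    # Assumption: the file's ProductVersion matches the Serv-U release number
    $ver = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion

    [pscustomobject]@{
        Service        = $svc.Name
        Executable     = $exe
        RunsAs         = $svc.StartName
        RunsAsSystem   = ($svc.StartName -eq 'LocalSystem')
        ProductVersion = $ver
        Affected       = Test-ServUAffected -ProductVersion $ver
    }
}
```

A host that reports `Affected = True` together with `RunsAsSystem = True` is the one to upgrade first, since code execution there would run with the highest local privileges.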
CVE-2025-40538 is a critical Remote Code Execution vulnerability in SolarWinds Serv-U, allowing attackers to execute arbitrary code with privileged access.
You are affected if you are running SolarWinds Serv-U versions 15.5.3 or earlier. Upgrade to 15.5.4 or later to mitigate the risk.
Upgrade SolarWinds Serv-U to version 15.5.4 or later. Back up your data before upgrading.
While no public exploits are currently known, the vulnerability's severity suggests a high probability of exploitation. Monitor security advisories.
Refer to the official SolarWinds security advisory for detailed information and updates: [https://www.solarwinds.com/securityadvisories](https://www.solarwinds.com/securityadvisories)