プラットフォーム
windows
コンポーネント
serv-u
修正版
15.5.3
CVE-2025-40549 describes a Path Restriction Bypass vulnerability found in SolarWinds Serv-U. Successful exploitation could allow a malicious actor with administrative privileges to execute code on a directory, potentially leading to complete system compromise. This vulnerability affects versions of Serv-U up to and including 15.5.2. A patch is available in version 15.5.3.
The Path Restriction Bypass vulnerability in Serv-U presents a significant risk. An attacker with administrative access can leverage this flaw to execute arbitrary code within the Serv-U installation directory. This could involve installing malware, stealing sensitive data (such as FTP credentials or transferred files), or establishing a persistent backdoor. The ability to execute code grants a high degree of control over the affected system, potentially allowing for lateral movement within the network if the compromised Serv-U server has access to other resources. While the vulnerability scores as medium due to Windows path handling, the potential for code execution remains critical.
CVE-2025-40549 was published on 2025-11-18. Currently, there are no publicly available proof-of-concept exploits. The vulnerability has been added to the CISA KEV catalog, indicating a medium probability of exploitation. Monitor security advisories and threat intelligence feeds for any signs of active exploitation campaigns targeting Serv-U.
Organizations utilizing SolarWinds Serv-U for file transfer and management are at risk, particularly those with legacy configurations or limited security controls. Shared hosting environments where multiple users share a single Serv-U instance are also at increased risk, as a compromised user account could potentially be leveraged to exploit this vulnerability.
• windows / supply-chain:
Get-Process -Name ServU | Select-Object -ExpandProperty Path• windows / supply-chain:
Get-Acl -Path "C:\Program Files\SolarWinds\Serv-U\" | Format-List• windows / supply-chain:
Get-WinEvent -LogName Security -Filter "EventID=4624" -MaxEvents 10 | Select-Object -Property TimeCreated, ProcessName, CommandLinedisclosure
エクスプロイト状況
EPSS
0.26% (49% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation for CVE-2025-40549 is to upgrade to SolarWinds Serv-U version 15.5.3 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. Restrict administrative access to the Serv-U server to only trusted users. Review and harden file permissions within the Serv-U installation directory to limit the potential impact of code execution. Implement network segmentation to isolate the Serv-U server from critical network resources. After upgrading, verify the fix by attempting to access restricted directories with an administrative account and confirming that access is denied.
Actualice SolarWinds Serv-U a la versión 15.5.3 o posterior. Esta actualización corrige la vulnerabilidad de omisión de restricción de ruta. La actualización se puede descargar desde el sitio web de SolarWinds.
脆弱性分析と重要アラートをメールでお届けします。
CVE-2025-40549 is a critical vulnerability in SolarWinds Serv-U that allows attackers with admin privileges to execute code. It affects versions up to 15.5.2 and has a CVSS score of 9.1.
You are affected if you are running SolarWinds Serv-U versions 15.5.2 or earlier. Check your version and upgrade immediately.
Upgrade to SolarWinds Serv-U version 15.5.3 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting admin access.
Currently, there are no publicly known active exploitation campaigns, but the vulnerability has been added to the CISA KEV catalog, indicating a potential risk.
Refer to the official SolarWinds Serv-U security advisory on their website for detailed information and updates regarding CVE-2025-40549.