Plataforma
windows
Componente
serv-u
Corrigido em
15.5.4
CVE-2025-40538 describes a broken access control vulnerability within SolarWinds Serv-U. Successful exploitation allows a malicious actor to create a system administrator user and execute arbitrary code, potentially gaining privileged access to the system. This vulnerability affects versions of Serv-U up to and including 15.5.3, and a patch is available in version 15.5.4.
The impact of CVE-2025-40538 is significant due to the potential for remote code execution with elevated privileges. An attacker could leverage this vulnerability to gain complete control over the affected Serv-U server, including access to sensitive data stored within the system. This could involve data exfiltration, modification of files, or installation of malware. On Windows deployments, while services often run with limited privileges by default, the ability to escalate to a system admin account represents a serious risk. The vulnerability's ease of exploitation, combined with the potential for privilege escalation, makes it a high-priority target for attackers.
CVE-2025-40538 was published on 2026-02-24. Public proof-of-concept exploits are currently unknown, but the vulnerability's severity and ease of exploitation suggest a high probability of exploitation. The vulnerability is not currently listed on the CISA KEV catalog. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Organizations utilizing SolarWinds Serv-U for file sharing, particularly those with legacy configurations or those running older versions (≤ 15.5.3), are at significant risk. Shared hosting environments where multiple users share a single Serv-U instance are also particularly vulnerable, as a compromise of one user account could potentially lead to the compromise of the entire server.
• windows / supply-chain:
Get-Service ServU | Select-Object -ExpandProperty StartName• windows / supply-chain:
Get-WinEvent -LogName Security -Filter "EventID = 4625" -MaxEvents 10 | Select-Object -Property TimeCreated, Message• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like "ServU*"}disclosure
Status do Exploit
EPSS
0.04% (percentil 11%)
CISA SSVC
Vetor CVSS
The primary mitigation for CVE-2025-40538 is to upgrade SolarWinds Serv-U to version 15.5.4 or later. Prior to upgrading, it is highly recommended to create a full backup of the Serv-U database and configuration files. If an immediate upgrade is not feasible, consider implementing stricter access controls within Serv-U, limiting the privileges of user accounts and restricting access to sensitive resources. While not a complete solution, enabling auditing and monitoring of Serv-U activity can help detect suspicious behavior. After upgrading, verify the fix by attempting to create a new user with administrative privileges through the Serv-U interface; this should be prevented.
Atualize o SolarWinds Serv-U para a versão 15.5.4 ou posterior. A atualização corrige a vulnerabilidade de controle de acesso que permite a execução remota de código. Consulte as notas da versão para obter mais detalhes sobre a atualização.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2025-40538 is a critical Remote Code Execution vulnerability in SolarWinds Serv-U, allowing attackers to execute arbitrary code with privileged access.
You are affected if you are running SolarWinds Serv-U versions 15.5.3 or earlier. Upgrade to 15.5.4 or later to mitigate the risk.
Upgrade SolarWinds Serv-U to version 15.5.4 or later. Back up your data before upgrading.
While no public exploits are currently known, the vulnerability's severity suggests a high probability of exploitation. Monitor security advisories.
Refer to the official SolarWinds security advisory for detailed information and updates: [https://www.solarwinds.com/securityadvisories](https://www.solarwinds.com/securityadvisories)
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.