Multiple Vulnerabilities in SolarWinds Serv-U (CVE-2025-40549, CVE-2025-40548, CVE-2025-40547)

Published On: Nov 26, 2025 09:28

Advisory No: TZCERT-SA-25-0120

Source: SolarWinds

Software Affected: SolarWinds Serv-U

Overview

SolarWinds Serv-U is affected by critical vulnerabilities. Exploitation of these vulnerabilities may allow an authenticated attacker to execute arbitrary code.

Description

SolarWinds Serv-U is affected by the vulnerabilities tracked as CVE-2025-40549, CVE-2025-40548, and CVE-2025-40547, each with a CVSS score of 9.1. The underlying flaws are a path restriction bypass, a missing validation process, and a logic error. The vulnerabilities allow a malicious actor with access to admin privileges to execute code.

Impact

Successful exploitation of these vulnerabilities may allow attackers to take control of the affected system.

Solution

SolarWinds has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
