CVE-2025-40538
SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability
Description
A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
INFO
Published Date :
Feb. 24, 2026, 8:16 a.m.
Last Modified :
Feb. 24, 2026, 5:51 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | CRITICAL | 49f11609-934d-4621-84e6-e02e032104d6 | ||||
| CVSS 3.1 | CRITICAL | [email protected] | ||||
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Apply vendor-supplied security patches or updates.
- Review and enforce the principle of least privilege.
- Restrict administrative access to authorized personnel only.
- Monitor for unauthorized account creation activities.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-40538.
| URL | Resource |
|---|---|
| https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4_release_notes.htm | Release Notes Vendor Advisory |
| https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40538 | Vendor Advisory |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-40538 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-40538
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-40538 vulnerability anywhere in the article.
-
The Register
Patch these 4 critical, make-me-root SolarWinds bugs ASAP
If you run SolarWinds’ Serv-U, you should patch promptly. Four critical vulnerabilities in the file transfer software can allow attackers to execute code as root. The four flaws, all of which earned a ... Read more
-
security.nl
Kritiek lek in SolarWinds Serv-U geeft aanvaller roottoegang tot FTP-server
Verschillende kritieke kwetsbaarheden in SolarWinds Serv-U geven een aanvaller roottoegang tot de FTP-server. SolarWinds heeft een beveiligingsupdate uitgebracht om de problemen te verhelpen. SolarWin ... Read more
-
Daily CyberSecurity
Root Access Granted: Four Critical RCE Flaws Patched in SolarWinds Serv-U
File transfer servers are meant to securely move sensitive data, but a new batch of critical vulnerabilities in SolarWinds Serv-U threatens to hand over complete system control to attackers instead. S ... Read more
The following table lists the changes that have been made to the
CVE-2025-40538 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Feb. 24, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Added CPE Configuration OR *cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:* versions up to (excluding) 15.5.4 Added Reference Type SolarWinds: https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4_release_notes.htm Types: Release Notes, Vendor Advisory Added Reference Type SolarWinds: https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40538 Types: Vendor Advisory -
New CVE Received by [email protected]
Feb. 24, 2026
Action Type Old Value New Value Added Description A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. Added CVSS V3.1 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Added CWE CWE-269 Added Reference https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4_release_notes.htm Added Reference https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40538