Overview

CVE: CVE-2025-40547, CVE-2025-40548, CVE-2025-40549
Severity: Critical
Date: 20 November 2025

SolarWinds has released security updates to address three critical vulnerabilities affecting Serv-U, its file transfer and managed file-sharing system. All three vulnerabilities allow an authenticated attacker with administrative privileges to achieve remote code execution.

While exploitation requires valid admin credentials, the risks are elevated for environments where Serv-U is exposed to the internet or where compromised credentials may already exist. On Windows deployments, the vendor assesses the practical risk as lower because services often run under less privileged service accounts, but a full compromise remains possible.

 

Affected Versions

  • Serv-U versions prior to 15.5.3
  • Vulnerabilities are addressed in Serv-U Release 15.5.3
  • Applies to both Linux and Windows deployments, although impact severity varies depending on privilege model

 

Vulnerability Breakdown

CVE-2025-40547 – Logic Error Leading to Code Execution

  • Severity: Critical
  • CVSS: 9.1
  • Description: A logic error in Serv-U may allow an authenticated administrator to execute arbitrary code.
  • Impact: Code execution within the Serv-U service context.
  • Conditions: Valid administrative access required.
  • Notes: On Windows, this may result in a lower impact where service accounts are restricted.

 

CVE-2025-40548 – Missing Validation Allowing Code Execution

  • Severity: Critical
  • CVSS: 9.1
  • Description: A missing validation step in Serv-U can be abused by an authenticated administrator to execute arbitrary commands.
  • Impact: Code execution; potential to modify system behaviour or access sensitive data.
  • Conditions: Requires administrative privileges.

 

CVE-2025-40549 – Path Restriction Bypass

  • Severity: Critical
  • CVSS: 9.1
  • Description: A path restriction bypass allows an attacker with administrative permissions to write files or execute code outside permitted directories.
  • Impact: File manipulation or code execution in targeted directories.
  • Conditions: Requires administrative privileges.
  • Notes: Lower impact rating on Windows due to differences in path handling.

 

Mitigation

  • Upgrade Serv-U to version 15.5.3, which contains patches for all three vulnerabilities.
  • Ensure that Serv-U administrative interfaces are not exposed to the public internet.
  • Review administrative accounts and remove any that are unused or unnecessary.
  • Enable MFA for Serv-U administrators where possible.
  • Review server logs for unexpected administrative activity or file modifications.
  • Restrict write and execute permissions for service accounts to limit potential post-compromise actions.
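
The version and exposure guidance above can be applied to an asset inventory to decide which hosts to upgrade first. This is an added example, not code from SolarWinds or from this advisory; the host names, inventory fields, version string format and priority ordering are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

FIXED = (15, 5, 3)  # first fixed Serv-U release named in the advisory

@dataclass
class Host:
    name: str              # constructed host names, not real systems
    version: str           # version string as the inventory reports it (assumed format)
    os: str                # "linux" or "windows"
    internet_facing: bool

def parse_version(text):
    """Return the leading dotted-numeric part as a tuple of ints, or None."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(text):
    """True if the version is older than 15.5.3. Unparseable strings count as
    affected so that an unknown install is checked by hand, not skipped."""
    v = parse_version(text)
    if v is None:
        return True
    # Pad "15.5" to 15.5.0 and ignore build fields after the third component.
    return (v + (0, 0, 0))[:3] < FIXED

def triage(hosts):
    """Return (priority, name) for every affected host, most urgent first.
    Ordering is an assumption drawn from the advisory's risk notes:
    1 = internet-facing, 2 = internal Linux, 3 = internal Windows."""
    queue = []
    for h in hosts:
        if is_affected(h.version):
            prio = 1 if h.internet_facing else 2 if h.os.lower() == "linux" else 3
            queue.append((prio, h.name))
    return sorted(queue)

# Constructed sample inventory.
INVENTORY = [
    Host("sftp-edge-01", "15.5.2", "linux", True),
    Host("sftp-int-02", "15.5.3", "windows", False),
    Host("xfer-03", "15.4.2.126", "windows", False),
    Host("xfer-04", "15.5", "linux", False),
    Host("xfer-05", "unknown", "windows", True),
]

if __name__ == "__main__":
    for prio, name in triage(INVENTORY):
        print(f"P{prio} upgrade to 15.5.3: {name}")
```

Every host the function returns still needs the 15.5.3 upgrade; the priority only orders the work.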

 

Summary for IT Teams

Products: SolarWinds Serv-U
Threat Level: High to Critical
Action Required:

  • Apply Serv-U 15.5.3 immediately
  • Audit administrative access and enforce MFA
  • Restrict exposure of Serv-U interfaces to internal use only
  • Monitor for unusual activity in Serv-U logs and directories

 


Need Help?

If your organisation requires assistance identifying affected systems, enforcing browser updates or reviewing browser security policies, please contact our SOC team via soc@secure-iss.com.