CVE-2025-40547CRITICAL 9.1EPSS p52.4%

CVE-2025-40547CVE-2025-40547

Description

A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS0.82% probability of exploitation · percentile 52.4% · 2026-06-19T12:03:05Z
Published2025-11-18
Last modified2025-12-02

Underlying weaknesses· 1

CWE-116

References

  1. https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-3_release_notes.htm
  2. https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40547

1

TypeTargetConfidenceTier
WeaknessImproper Encoding or Escaping of Outputcwe-1160%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-40548
CVE
CVE-2025-40549
CVE
CVE-2025-22429
CVE
CVE-2025-1393
CVE
CVE-2025-31710
CVE
CVE-2025-31713
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.