CVE-2025-40548CRITICAL 9.1EPSS p46.1%

CVE-2025-40548CVE-2025-40548

Description

A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS0.65% probability of exploitation · percentile 46.1% · 2026-06-19T12:03:05Z
Published2025-11-18
Last modified2025-12-02

Underlying weaknesses· 1

CWE-269

References

  1. https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-3_release_notes.htm
  2. https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40548

1

TypeTargetConfidenceTier
WeaknessImproper Privilege Managementcwe-2690%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-40547
CVE
CVE-2025-40549
CVE
CVE-2025-48650
CVE
CVE-2025-1393
CVE
CVE-2025-31710
CVE
CVE-2025-31713
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.