CVE-2025-40547
CRITICALDescription
A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| solarwinds | serv-u |
References
Frequently Asked Questions
What is CVE-2025-40547? +
How severe is CVE-2025-40547? +
What products are affected by CVE-2025-40547? +
How do I check if I'm vulnerable to CVE-2025-40547? +
Related Vulnerabilities
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - …
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting (XSS).This …
A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.
A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires …
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue …
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.