AI description
CVE-2025-40538 is a broken access control vulnerability in SolarWinds Serv-U, a file transfer server. The flaw allows an attacker to create a system administrator user and then execute arbitrary code with elevated privileges. This can lead to root-level access on Linux systems or administrative privileges on Windows deployments. Exploitation requires the attacker to already hold administrative privileges on the targeted server, and is carried out via domain admin or group admin privileges.
- Description
- A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
- Source
- psirt@solarwinds.com
- NVD status
- Analyzed
- Products
- serv-u
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- psirt@solarwinds.com
- CWE-269
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
11
🚨 [CTI-ADVISORY] Critical vulnerabilities detected in SolarWinds Serv-U (CVE-2025-40538-41) that could allow privilege escalation and remote code execution. Status: unconfirmed. 🔐 Updating to Serv-U 15.5.4+ and monitoring access is recommended. https:/
@BanCERT_gt
24 Feb 2026
🚨 SolarWinds Serv-U just dropped 4 critical RCEs today (CVE-2025-40538/39/40/41, CVSS 9.1) - all leading to RCE. No POC as of yet - We've added a Serv-U honeypot stream to catch exploitation attempts in the wild 🍯 https://t.co/GXFaqggV8a https://t.co/vV5Xt7vfar
@DefusedCyber
24 Feb 2026
CVE-2025-40538 Serv-U Privilege Escalation via Broken Access Control Vulnerability https://t.co/fo172jgeyR
@VulmonFeeds
24 Feb 2026
[CVE-2025-40538: CRITICAL] Critical access control vulnerability in Serv-U enables attackers to create admin user & run code as privileged accounts via domain or group admin privileges. Risk is medium on Win...#cve,CVE-2025-40538,#cybersecurity https://t.co/bIObZCK3bo
@CveFindCom
24 Feb 2026
**CVE-2025-40538** is a **broken access control** vulnerability in **Serv-U**, a managed file transfer server. When exploited, this flaw allows a malicious actor with **administrative privileges** to **create a system administrator user** and **execute arbitrary code** with
@CveTodo
24 Feb 2026
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0879DDA2-3F57-41C7-A689-4B904310687E",
            "versionEndExcluding": "15.5.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]