AI description
CVE-2025-40538 is a broken access control vulnerability identified in SolarWinds Serv-U, a file transfer software. This flaw allows an attacker to create a system administrator user and subsequently execute arbitrary code with elevated privileges. Specifically, this can lead to root-level access on Linux systems or administrative privileges on Windows deployments. Exploitation of this vulnerability requires the attacker to already possess administrative privileges on the targeted server. Once exploited, the attacker can leverage domain or group admin privileges to achieve their objectives.
- Description
- A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
- Source
- psirt@solarwinds.com
- NVD status
- Analyzed
- Products
- serv-u
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- psirt@solarwinds.com
- CWE-269
- Hype score
- Not currently trending
Top 30 CVEs for ecosystem (30 days). Top CVEs: CVE-2025-40538, CVE-2025-49113, CVE-2022-20775 VulnSocial — your risk exposure provider. #vulnsocial #CVE #CyberSecurity #VulnerabilityManagement https://t.co/S02Q7THYkX
@vulnsocial
7 Mar 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds Serv-U の脆弱性 CVE-2025-40538/40539/40540/40541 が FIX:root での RCE https://t.co/Lb9tKc0hF4 SolarWinds Serv-U ファイル・サーバーにおいて、脆弱性 CVE-2025-40538/40539/40540/40541 (CVSS:9.1) が修正されました。これら
@iototsecnews
4 Mar 2026
180 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40538 (CVSS:9.1, CRITICAL) is Analyzed. A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to crea..https://t.co/baTEiv7Jnk #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
1 Mar 2026
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40538 (CVSS:9.1, CRITICAL) is Analyzed. A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to crea..https://t.co/baTEiv7Jnk #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
28 Feb 2026
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Patch these 4 critical, make-me-root SolarWinds bugs ASAP The four flaws, all of which earned a 9.1 CVSS rating, include a broken access control vulnerability (CVE-2025-40538), two type confusion bugs (CVE-2025-40540 and CVE-2025-40539), and an Insecure Direct Object Reference h
@johndjohnson
27 Feb 2026
64 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
All four security defects, tracked as CVE-2025-40538 to CVE-2025-40541, have a CVSS score of 9.1, could result in remote code execution, and impact Serv-U version 15.5. https://t.co/8wlqfSVo82
@jbhall56
27 Feb 2026
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerabilidades en productos SolarWinds ❗ CVE-2025-40541 ❗ CVE-2025-40540 ❗ CVE-2025-40538 ➡️ Más info: https://t.co/k9WORRXVq7 https://t.co/DJ2o6YtpDk
@CERTpy
26 Feb 2026
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds Serv-Uが4件の重大な脆弱性を修正(CVE-2025-40538 / 40539 / 40540 / 40541) https://t.co/XzDlVDqwad #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
@securityLab_jp
26 Feb 2026
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds Patches Four Critical Serv-U Vulnerabilities (CVE-2025-40538 to CVE-2025-40541) SolarWinds released Serv-U 15.5.4 to fix four critical (CVSS 9.1) flaws that could enable remote code execution, but exploitation requires an attacker to already have administrative
@ThreatSynop
25 Feb 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: 4 critical vulnerabilities in #SolarWinds Serv-U. CVE-2025-40538, CVE-2025-40539, CVE-2025-40540 and CVE-2025-40541 share the same CVSS score of 9.1. Threat actors could exploit either to achieve remote code execution. #RCE! https://t.co/JohgnAP6Bh #Patch #Patch #Patch
@CCBalert
25 Feb 2026
267 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerability Alert — SolarWinds Serv-U SolarWinds patched 4 critical Serv-U 15.5 flaws (CVSS 9.1) that can lead to root code execution (CVE-2025-40538/39/40/41). Exploitation needs admin access, but Serv-U has a history of abuse. Upgrade to 15.5.4 now. #CyberSecurity https:/
@CloneSystemsInc
25 Feb 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds Serv-U 15.5.4 Patches 4 Critical Flaws Enabling Root-Level Compromise SolarWinds released Serv-U v15.5.4 to fix four critical vulnerabilities (CVE-2025-40538 to CVE-2025-40541, CVSS 9.1) that can let attackers with high privileges create unauthorized system admins
@ThreatSynop
25 Feb 2026
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds Serv-U Patches 4 Critical Flaws That Enable Root-Level Code Execution SolarWinds fixed four critical Serv-U vulnerabilities (CVE-2025-40538 to CVE-2025-40541) that could let an attacker with already-compromised admin/group-admin access create a system admin user a
@ThreatSynop
25 Feb 2026
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Upozorňujeme na sérii RCE zranitelností v SolarWinds Serv-U. CVE-2025-40538: Chyba zabezpečení v oblasti řízení přístupu, která při zneužití umožňuje útočníkovi vytvořit uživatele se systémovými oprávněními a spustit libovolný kód jako root pomoc
@GOVCERT_CZ
25 Feb 2026
287 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Serv-U flaws patched by @solarwinds CVE-2025-40538 could allow high-privileged users to escalate to root/admin on unpatched servers. • Broken access control • Type confusion bugs • IDOR vulnerability • 12K+ exposed instances observed File transfer software
@TechNadu
25 Feb 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 أصدرت SolarWinds تحديثات لمعالجة أربع عيوب حرجة في Serv-U 15.5 لنقل الملفات قد تسمح بتنفيذ تعليمات عن بعد. جميع الثغرات بدرجة CVSS 9.1. أحدها CVE-2025-40538 يتيح خللاً في ال
@Cybercachear
25 Feb 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds just patched 4 critical flaws in Serv-U 15.5 (now update to 15.5.4 ASAP!) These CVSS 9.1 vulns (CVE-2025-40538, -40539, -40540, -40541) allow remote code execution as root/SYSTEM via broken access control, type confusion & IDOR. Exploit needs admin privs but
@hushed_ahmie
25 Feb 2026
78 Impressions
3 Retweets
6 Likes
3 Bookmarks
1 Reply
0 Quotes
【リンク集:2月24日〜25日のセキュリティ関連ニュース/記事】 <脆弱性> ・SolarWinds Serv-Uに重大な脆弱性、サーバーへのrootアクセスが可能に(CVE-2025-40538、CVE-2025-40540他) https://t.co/UyNpMOpaPf ・2026年1月のCVE
@MachinaRecord
25 Feb 2026
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds Serv-Uに重大な脆弱性、サーバーへのrootアクセスが可能に(CVE-2025-40538他) | Codebook|Security News https://t.co/aTx2T9FsJx
@ohhara_shiojiri
25 Feb 2026
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨SolarWinds Serv-Uに重大な脆弱性、サーバーへのrootアクセスが可能に(CVE-2025-40538、CVE-2025-40539他) 🇦🇪アラブ首長国連邦、「テロリスト」によるランサムウェア攻撃を阻止したと主張 〜サイバーアラート2
@MachinaRecord
25 Feb 2026
145 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Patches for 4 CVSS 9.1 #Solarwinds vulns. Info at SecAlerts: CVE-2025-40538: https://t.co/rCuV1KEDja CVE-2025-40539: https://t.co/DLNLvD1w5o CVE-2025-40540: https://t.co/wKS4JDkjIq CVE-2025-40541: https://t.co/QfGFIUfORv #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp
@SecAlertsCo
25 Feb 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds Patches 4 Critical Serv-U Flaws That Can Lead to Root/Admin Code Execution SolarWinds fixed four critical Serv-U bugs in v15.5.4, including CVE-2025-40538 (broken access control) that can let a domain/group admin create a system admin user and execute arbitrary co
@ThreatSynop
24 Feb 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 [CTI-ADVISORY] Detectadas vulnerabilidades críticas en SolarWinds Serv-U (CVE-2025-40538-41) que podrían permitir escalamiento de privilegios y ejecución remota de código. Estado: no confirmado. 🔐 Se recomienda actualizar a Serv-U 15.5.4+ y monitorear accesos. https:/
@BanCERT_gt
24 Feb 2026
18 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds Serv-U just dropped 4 critical RCEs today (CVE-2025-40538/39/40/41, CVSS 9.1) - all leading to RCE No POC as of yet - We've added a Serv-U honeypot stream to catch exploitation attempts in the wild 🍯 https://t.co/GXFaqggV8a https://t.co/vV5Xt7vfar
@DefusedCyber
24 Feb 2026
10177 Impressions
17 Retweets
49 Likes
7 Bookmarks
1 Reply
2 Quotes
SolarWinds patched four critical RCE vulnerabilities in Serv-U 15.5.4, including CVE-2025-40538, allowing attackers with admin privileges to gain root access and execute arbitrary code on Windows and Linux servers. #SolarWinds #CVE202540538 #USA https://t.co/TRltoOEg8F
@TweetThreatNews
24 Feb 2026
141 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The most severe of the four security flaws patched by SolarWinds today in Serv-U 15.5.4 is tracked as CVE-2025-40538, and it allows attackers with high privileges to gain root or admin permissions on vulnerable servers. https://t.co/PuG69FrNR7
@jbhall56
24 Feb 2026
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-40538 Serv-U Privilege Escalation via Broken Access Control Vulnerability https://t.co/fo172jgeyR
@VulmonFeeds
24 Feb 2026
59 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
[CVE-2025-40538: CRITICAL] Critical access control vulnerability in Serv-U enables attackers to create admin user & run code as privileged accounts via domain or group admin privileges. Risk is medium on Win...#cve,CVE-2025-40538,#cybersecurity https://t.co/bIObZCK3bo
@CveFindCom
24 Feb 2026
64 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
**CVE-2025-40538** is a **broken access control** vulnerability in **Serv-U**, a managed file transfer server. When exploited, this flaw allows a malicious actor with **administrative privileges** to **create a system administrator user** and **execute arbitrary code** with
@CveTodo
24 Feb 2026
62 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0879DDA2-3F57-41C7-A689-4B904310687E",
"versionEndExcluding": "15.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]