- Description
- A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because services frequently run under less-privileged service accounts by default.
- Source
- psirt@solarwinds.com
- NVD status
- Analyzed
- Products
- serv-u
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- psirt@solarwinds.com
- CWE-704
- Hype score
- Not currently trending
CVE-2025-40539 (CVSS:9.1, CRITICAL) is Analyzed. A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arb..https://t.co/J81nJRt7tJ #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
28 Feb 2026
Patch these 4 critical, make-me-root SolarWinds bugs ASAP The four flaws, all of which earned a 9.1 CVSS rating, include a broken access control vulnerability (CVE-2025-40538), two type confusion bugs (CVE-2025-40540 and CVE-2025-40539), and an Insecure Direct Object Reference h
@johndjohnson
27 Feb 2026
Warning: 4 critical vulnerabilities in #SolarWinds Serv-U. CVE-2025-40538, CVE-2025-40539, CVE-2025-40540 and CVE-2025-40541 share the same CVSS score of 9.1. Threat actors could exploit either to achieve remote code execution. #RCE! https://t.co/JohgnAP6Bh #Patch #Patch #Patch
@CCBalert
25 Feb 2026
🚨 Critical vulnerabilities in SolarWinds Serv-U allow root access to servers (CVE-2025-40538, CVE-2025-40539 and others) 🇦🇪 United Arab Emirates claims to have thwarted a ransomware attack by "terrorists" ~ Cyber Alert 2
@MachinaRecord
25 Feb 2026
Patches for 4 CVSS 9.1 #Solarwinds vulns. Info at SecAlerts: CVE-2025-40538: https://t.co/rCuV1KEDja CVE-2025-40539: https://t.co/DLNLvD1w5o CVE-2025-40540: https://t.co/wKS4JDkjIq CVE-2025-40541: https://t.co/QfGFIUfORv #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp
@SecAlertsCo
25 Feb 2026
CVE-2025-40539 A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. Thi… https://t.co/ATOCy3XyM9
@CVEnew
24 Feb 2026
CVE-2025-40539 Type Confusion Vulnerability in Serv-U Enables Privileged Native Code Execution https://t.co/WrqSYe5Lbg
@VulmonFeeds
24 Feb 2026
[CVE-2025-40539: CRITICAL] Type confusion vulnerability in Serv-U allows executing arbitrary code as privileged account. Needs admin privileges to exploit. Medium risk on Windows due to default less-privileg...#cve,CVE-2025-40539,#cybersecurity https://t.co/IzobxZpnpx
@CveFindCom
24 Feb 2026
CVE-2025-40539 is a **type confusion vulnerability** found in Serv-U, a popular file transfer server software. When exploited, this flaw allows a malicious actor to execute arbitrary native code with the privileges of the compromised service, which can lead to full system
@CveTodo
24 Feb 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0879DDA2-3F57-41C7-A689-4B904310687E",
            "versionEndExcluding": "15.5.4",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]