CVE-2025-40541

Published Feb 24, 2026

Last updated 2 months ago

CVSS critical 9.1

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-40541 is an Insecure Direct Object Reference (IDOR) vulnerability identified in SolarWinds Serv-U, a managed file transfer server software. This flaw allows a malicious actor with existing administrative privileges to execute native code as a privileged account. The vulnerability stems from improper authorization mechanisms that fail to adequately validate object references, enabling attackers to manipulate these references to gain unauthorized access to system resources. This issue requires administrative credentials for exploitation. While the risk on Windows deployments is considered somewhat mitigated due to services often running under less-privileged accounts by default, exploitation on other platforms or in misconfigured environments could lead to broader system compromise. The vulnerability affects SolarWinds Serv-U versions prior to 15.5.4.

Description
An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
Source
psirt@solarwinds.com
NVD status
Analyzed
Products
serv-u

Risk scores

CVSS 3.1

Type
Primary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt@solarwinds.com
CWE-704
nvd@nist.gov
CWE-639

Social media

Hype score
Not currently trending

  1. SolarWinds Serv-U 15.5.3 and earlier are affected by critical IDOR CVE-2025-40541 (CVSS 9.1). Update to 15.5.4 or later immediately, restrict access to trusted networks, and monitor logs for suspicious activity. Read more: https://t.co/Zhc8P1Z99W https://t.co/8WmkjjvOfc

    @wazuh

    3 Mar 2026

    618 Impressions

    9 Retweets

    12 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-40541 (CVSS:9.1, CRITICAL) is Analyzed. An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor..https://t.co/pDJeObaoXQ #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    1 Mar 2026

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-40541 (CVSS:9.1, CRITICAL) is Analyzed. An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor..https://t.co/pDJeObaoXQ #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    28 Feb 2026

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. All four security defects, tracked as CVE-2025-40538 to CVE-2025-40541, have a CVSS score of 9.1, could result in remote code execution, and impact Serv-U version 15.5. https://t.co/8wlqfSVo82

    @jbhall56

    27 Feb 2026

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. ⚠️ Vulnerabilidades en productos SolarWinds ❗ CVE-2025-40541 ❗ CVE-2025-40540 ❗ CVE-2025-40538 ➡️ Más info: https://t.co/k9WORRXVq7 https://t.co/DJ2o6YtpDk

    @CERTpy

    26 Feb 2026

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 SolarWinds Patches Four Critical Serv-U Vulnerabilities (CVE-2025-40538 to CVE-2025-40541) SolarWinds released Serv-U 15.5.4 to fix four critical (CVSS 9.1) flaws that could enable remote code execution, but exploitation requires an attacker to already have administrative

    @ThreatSynop

    25 Feb 2026

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Warning: 4 critical vulnerabilities in #SolarWinds Serv-U. CVE-2025-40538, CVE-2025-40539, CVE-2025-40540 and CVE-2025-40541 share the same CVSS score of 9.1. Threat actors could exploit either to achieve remote code execution. #RCE! https://t.co/JohgnAP6Bh #Patch #Patch #Patch

    @CCBalert

    25 Feb 2026

    267 Impressions

    2 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 CVE-2025-40541 - CRITICAL SolarWinds Serv-U 🤖 AI Summary: Critical IDOR flaw in SolarWinds Serv-U enables privileged code execution. Requires admin access but poses severe risk to compr... ThreatScore: 91/100 🔗 https://t.co/7LaV5ybUEC #cybersecurity #infosec #CVE

    @AIengineerlife

    25 Feb 2026

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. برای یکی از نرم افزار شرکت SolarWinds یعنی Serv-U file transfer آسیب پذیری با کد شناسایی CVE-2025-40541 و از نوع RCE منتشر شده است که به هکرها امکان اجرای کد با دسترسی ROOT را می دهد

    @AmirHossein_sec

    25 Feb 2026

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 SolarWinds Serv-U 15.5.4 Patches 4 Critical Flaws Enabling Root-Level Compromise SolarWinds released Serv-U v15.5.4 to fix four critical vulnerabilities (CVE-2025-40538 to CVE-2025-40541, CVSS 9.1) that can let attackers with high privileges create unauthorized system admins

    @ThreatSynop

    25 Feb 2026

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 SolarWinds Serv-U Patches 4 Critical Flaws That Enable Root-Level Code Execution SolarWinds fixed four critical Serv-U vulnerabilities (CVE-2025-40538 to CVE-2025-40541) that could let an attacker with already-compromised admin/group-admin access create a system admin user a

    @ThreatSynop

    25 Feb 2026

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Patches for 4 CVSS 9.1 #Solarwinds vulns. Info at SecAlerts: CVE-2025-40538: https://t.co/rCuV1KEDja CVE-2025-40539: https://t.co/DLNLvD1w5o CVE-2025-40540: https://t.co/wKS4JDkjIq CVE-2025-40541: https://t.co/QfGFIUfORv #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp

    @SecAlertsCo

    25 Feb 2026

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-40541 An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privi… https://t.co/WUz4rD5O6g

    @CVEnew

    24 Feb 2026

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-40541 Serv-U IDOR Vulnerability Enables Privileged Native Code Execution https://t.co/0TEQFnLhjd

    @VulmonFeeds

    24 Feb 2026

    58 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  15. [CVE-2025-40541: CRITICAL] In Serv-U, an Insecure Direct Object Reference (IDOR) vulnerability allows executing native code with admin privileges, posing a medium risk particularly on Windows systems.#cve,CVE-2025-40541,#cybersecurity https://t.co/0j8DgVxh4b

    @CveFindCom

    24 Feb 2026

    65 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. **CVE-2025-40541** pertains to an **Insecure Direct Object Reference (IDOR)** vulnerability found in **Serv-U**, a managed file transfer server. An IDOR vulnerability allows an attacker to access or manipulate objects (such as files, data, or functions) directly by manipulating

    @CveTodo

    24 Feb 2026

    55 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.CVE-2025-40540
  2. A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.CVE-2025-40538
  3. A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.CVE-2025-40539
  4. A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.CVE-2025-40548
  5. A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled.CVE-2025-40549

References

Sources include official advisories and independent security research.