- Description
- A Path Restriction Bypass vulnerability exists in Serv-U that, when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled.
- Source
- psirt@solarwinds.com
- NVD status
- Analyzed
- Products
- serv-u
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 6
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@solarwinds.com
- CWE-22
- Hype score
- Not currently trending
Serv-U, Path Restriction Bypass, #CVE-2025-40549 (Medium) https://t.co/QuN3w9Bp5a
@dailycve
2 Dec 2025
SolarWinds patched three critical vulnerabilities: CVE-2025-40549, CVE-2025-40548, CVE-2025-40547. The flaws affect SolarWinds Serv-U 15.5.2.2.102. The company released version 15.5.3 to address them. https://t.co/exuwQPLnPK
@RaulMuo16535398
22 Nov 2025
SolarWinds Patches Three Critical Serv-U Vulnerabilities. SolarWinds Serv-U is affected by vulnerabilities that can be exploited for remote code execution. One of the flaws, tracked as CVE-2025-40549, has been described as a path restriction bypass issue. https://t.co/DH3ioXGccK
@riskigy
21 Nov 2025
SolarWindsใ้ซใชในใฏใฎ่คๆฐใฎ่ๅผฑๆงใไฟฎๆญฃ(CVE-2025-40547,CVE-2025-40548,CVE-2025-40549) https://t.co/SPUDZGIeb0 #ใปใญใฅใชใใฃๅฏพ็ญLab #ใปใญใฅใชใใฃ #Security
@securityLab_jp
21 Nov 2025
Critical SolarWinds Serv-U Flaws Allow Remote Admin Code Execution
@PurpleOps_io
20 Nov 2025
Three SolarWinds Serv-U Flaws Allow Authenticated Admins to Execute Arbitrary Code. CVE-2025-40547 - Logic error; CVE-2025-40548 - Missing validation; CVE-2025-40549 - Directory traversal / path bypass. ZoomEye Dork: app="SolarWinds Serv-U FTP server httpd" 64.7k+
@zoomeye_team
20 Nov 2025
[CVE-2025-40549: CRITICAL] Path Restriction Bypass vulnerability in Serv-U allows hackers with admin access to execute code on a directory, posing medium risk on Windows due to path handling variations. #cve, CVE-2025-40549, #cybersecurity https://t.co/FLuiRFIaDu https://t.co/0HQqdX
@CveFindCom
18 Nov 2025
**CVE-2025-40549** is a *Path Restriction Bypass* vulnerability present in *Serv-U*, an FTP server software developed by SolarWinds. The vulnerability allows a malicious actor with *administrative privileges* to bypass directory access restrictions and execute arbitrary code on a
@CveTodo
18 Nov 2025
CRITICAL: SolarWinds Serv-U Path Traversal bug (CVE-2025-40549) exposes up to v15.5.2 to code execution for admins. Patch ASAP! Details: https://t.co/5C93wr7luL #OffSeq #SolarWinds #InfoSec https://t.co/H7XZwi2V0H
@offseq
18 Nov 2025
CVE-2025-40549 A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on… https://t.co/4MlloTJkJZ
@CVEnew
18 Nov 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "5536873C-698D-4936-AA0C-63D0BE2CD3E2",
            "versionEndExcluding": "15.5.3",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]