CVE-2025-40547
Published: 18 November 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside a network.
Security Summary
CVE-2025-40547 is a logic error vulnerability in SolarWinds Serv-U that enables a malicious actor with administrative privileges to execute arbitrary code. The issue, published on 2025-11-18, carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-116 (Improper Encoding or Escaping of Output).
Exploitation requires high-privilege administrative access to the affected Serv-U instance. A successful attack has a high impact on confidentiality, integrity, and availability, and the scope is rated as changed because of the privileged code execution. On Windows deployments, the overall risk is rated as medium, because Serv-U services typically run under less-privileged accounts by default, which can limit the blast radius even if administrative credentials are compromised.
SolarWinds has published a security advisory detailing the issue at https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40547, along with release notes for Serv-U version 15.5.3 at https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-3_release_notes.htm; updating to that release is the mitigation.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows arbitrary code execution on a remote service (SolarWinds Serv-U) by an authenticated high-privilege administrative actor, directly mapping to Exploitation of Remote Services.