Vulnerability Details CVE-2025-40549
A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory.
This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.0%
CVSS Severity
CVSS v3 Score 9.1
References
Products affected by CVE-2025-40549
-
cpe:2.3:a:solarwinds:serv-u:-
-
cpe:2.3:a:solarwinds:serv-u:15.1
-
cpe:2.3:a:solarwinds:serv-u:15.1.1
-
cpe:2.3:a:solarwinds:serv-u:15.1.2
-
cpe:2.3:a:solarwinds:serv-u:15.1.3
-
cpe:2.3:a:solarwinds:serv-u:15.1.4
-
cpe:2.3:a:solarwinds:serv-u:15.1.5
-
cpe:2.3:a:solarwinds:serv-u:15.1.6
-
cpe:2.3:a:solarwinds:serv-u:15.1.7
-
cpe:2.3:a:solarwinds:serv-u:15.2.1
-
cpe:2.3:a:solarwinds:serv-u:15.2.2
-
cpe:2.3:a:solarwinds:serv-u:15.2.3
-
cpe:2.3:a:solarwinds:serv-u:15.2.4
-
cpe:2.3:a:solarwinds:serv-u:15.2.5
-
cpe:2.3:a:solarwinds:serv-u:15.3
-
cpe:2.3:a:solarwinds:serv-u:15.3.0
-
cpe:2.3:a:solarwinds:serv-u:15.3.1
-
cpe:2.3:a:solarwinds:serv-u:15.3.2
-
cpe:2.3:a:solarwinds:serv-u:15.4.0
-
cpe:2.3:a:solarwinds:serv-u:15.4.2
-
cpe:2.3:a:solarwinds:serv-u:15.4.2.3
-
cpe:2.3:a:solarwinds:serv-u:15.5