Lucene search
K

CVE-2025-40547

🗓️ 18 Nov 2025 08:35:03Reported by SolarWindsType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 19 Views🌐 WEB

CVE-2025-40547 in SolarWinds Serv-U enables remote code execution with admin privileges on Windows.

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2025-40547
21 Nov 202520:54
githubexploit
BDU FSTEC
The vulnerability of the SolarWinds Serv-U File Server file server arises from improper encoding or decoding of output data, allowing a perpetrator to execute arbitrary code.
25 Nov 202500:00
bdu_fstec
Circl
CVE-2025-40547
18 Nov 202510:01
circl
CNNVD
SolarWinds Serv-U 安全漏洞
18 Nov 202500:00
cnnvd
Cvelist
CVE-2025-40547 SolarWinds Serv-U Logic Abuse - Remote Code Execution Vulnerability
18 Nov 202508:35
cvelist
EUVD
EUVD-2025-197930
18 Nov 202508:35
euvd
NVD
CVE-2025-40547
18 Nov 202509:15
nvd
OSV
CVE-2025-40547
18 Nov 202509:15
osv
Positive Technologies
PT-2025-47267
18 Nov 202500:00
ptsecurity
RedhatCVE
CVE-2025-40547
19 Nov 202509:09
redhatcve
Rows per page
NVD
Node
solarwindsserv-uRange<15.5.3
[
  {
    "defaultStatus": "affected",
    "platforms": [
      "Windows",
      "Linux"
    ],
    "product": "Serv-U",
    "vendor": "SolarWinds",
    "versions": [
      {
        "status": "affected",
        "version": "SolarWinds Serv-U 15.5.2 and prior versions"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
XML payload containing serialized .NET object with System.Diagnostics.ProcessStartInfopathAdmin/ConfigUpload.aspxExploitable endpoint where crafted XML config fragment is deserialized leading to arbitrary command execution.CWE-116
config XML directive injectionpathAdmin/ConfigUpload.aspxExploitable endpoint where crafted XML config fragment is deserialized leading to arbitrary command execution.CWE-116
malicious configuration fragmentpathAdmin/ConfigUpload.aspxExploitable endpoint where crafted XML config fragment is deserialized leading to arbitrary command execution.CWE-116

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 09:21Current
6.6Medium risk
Vulners AI Score6.6
CVSS 3.19.1
EPSS0.00836
SSVC
19