CVE-2025-40548

Published: Nov 18, 2025Modified: Dec 2, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.3 / Impact: 6.0

Source: psirt@solarwinds.com (Secondary)

Description

A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.

Affected (1)

Products: Solarwinds: Serv U

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Serv U	Before 15.5.3

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-3_release_notes.htm

Source: psirt@solarwinds.com

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40548

Source: psirt@solarwinds.com

PatchVendor Advisory

Timeline

No history available yet.