CVE-2025-40539
Published 2026-02-24. Priority P3 (48); severity high; CVSS 3.1 base score 7.2, vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS 0.45% (35.5th percentile).

A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account.
This issue requires administrative privileges to abuse (the vector's PR:H). On Windows deployments, the risk is scored as medium because services frequently run under less-privileged service accounts by default, so code executing in the service's context inherits only that account's rights.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarwinds | serv-u | < 15.5.4 | 15.5.4 |
| solarwinds | serv-u | — | — |
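To turn the "< 15.5.4" range above into an inventory check, the following script is an added example (not code from the page or from SolarWinds). It pulls a dotted version token out of collected FTP greeting text, compares it numerically against the 15.5.4 fix, and flags hosts whose banner carries no version at all. The banner wording and host names are constructed for the example; only the "vX.Y.Z" token is relied on, and real Serv-U greetings may be customised or suppressed.

```python
"""Triage Serv-U hosts against this page's affected range: versions < 15.5.4."""
import re
from typing import Optional

FIXED_VERSION = "15.5.4"  # "Fixed in" column of the Affected table above

# Assumed banner shape: a greeting containing a version such as "v15.5.3".
# Matches 2- to 4-part dotted versions with an optional leading "v".
_VERSION_RE = re.compile(r"\bv?(\d+(?:\.\d+){1,3})\b")


def parse_version(text: str) -> Optional[tuple]:
    """Return the first dotted version in text as an int tuple, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(x) for x in m.group(1).split("."))


def version_lt(a: tuple, b: tuple) -> bool:
    """Numeric comparison with short tuples zero-padded: (15, 5) < (15, 5, 4)."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the version sorts numerically below the fixed version."""
    v, f = parse_version(version), parse_version(fixed)
    if v is None:
        raise ValueError(f"no version found in {version!r}")
    return version_lt(v, f)


def triage(banners: dict) -> dict:
    """Map host -> 'affected' | 'fixed' | 'unknown' from collected banner text.
    'unknown' hosts need a second look (custom banner, non-Serv-U service)."""
    fixed = parse_version(FIXED_VERSION)
    result = {}
    for host, banner in banners.items():
        v = parse_version(banner)
        if v is None:
            result[host] = "unknown"
        else:
            result[host] = "affected" if version_lt(v, fixed) else "fixed"
    return result


# Constructed sample banners (not real captures); host names are placeholders.
SAMPLE_BANNERS = {
    "mft-01.example.internal": "220 Serv-U FTP Server v15.5.3 ready...",
    "mft-02.example.internal": "220 Serv-U FTP Server v15.5.4 ready...",
    "mft-03.example.internal": "220 Serv-U FTP Server v15.5.10 ready...",
    "mft-04.example.internal": "220 FTP service ready",
}

if __name__ == "__main__":
    for host, state in triage(SAMPLE_BANNERS).items():
        print(f"{host}: {state}")
    # Why the tuple compare: as strings, "15.5.10" < "15.5.4" is True, which
    # would wrongly flag a later build as affected.
    print("string compare:", "15.5.10" < "15.5.4", "numeric:", is_affected("15.5.10"))
```

The 15.5.10 banner is constructed only to exercise the comparison; a banner grab tells you the reported version, not whether a hotfix was applied on top of it, so treat "fixed" as a candidate for confirmation on the host rather than a final answer.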
No detection rules found.
No public exploits indexed.
Checkpoint: 12th December – Threat Intelligence Report (blogs_checkpoint, 2022-12-12, CVSS 9.8). Indexed under CVE-2021-40539 [CRITICAL], which is not the CVE described on this page.
## 12th December – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 12th December, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
The company that holds the World Cup broadcasting rights for sub-Saharan Africa has suffered a series of cyberattacks since the beginning of the tournament, targeting one of its decoding servers.
The New York-based Metropolitan Opera has been a victim of a cyberattack that shut down their website, call center and box o
Wiz: CVE-2025-40540 Impact, Exploitability, and Mitigation Steps (blogs_wiz, CVSS 9.1, CVE-2025-40540 [CRITICAL])
## CVE-2025-40540: Serv-U Managed File Transfer Server vulnerability analysis and mitigation
A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because services frequently run under less-privileged service accounts by default.
Source: NVD
Score: 7.2 (severity HIGH); CNA score: 9.1. Published February 24, 2026.
Affected technologies: Serv-U Managed File Transfer Server
Has public exploit: No. Has CISA KEV exploit: No (CISA KEV release date N/A, due date N/A).
EPSS: probability 0.1, percentile 21.2
Affected pac
Wiz: CVE-2025-40538 Impact, Exploitability, and Mitigation Steps (blogs_wiz, CVSS 9.1, CVE-2025-40538 [CRITICAL])
## CVE-2025-40538: Serv-U Managed File Transfer Server vulnerability analysis and mitigation
A broken access control vulnerability exists in Serv-U which, when exploited, gives a malicious actor holding domain admin or group admin privileges the ability to create a system admin user and execute arbitrary code as a privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because services frequently run under less-privileged service accounts by default.
Source: NVD
Score: 7.2 (severity HIGH); CNA score: 9.1. Published February 24, 2026.
Affected technologies: Serv-U Managed File Transfer Server
Has public exploit: No. Has CISA KEV exploit: No (CISA KEV release date N/A, due date N/A).
Exploitation Probabili
Wiz: CVE-2025-40539 Impact, Exploitability, and Mitigation Steps (blogs_wiz, CVSS 9.1, CVE-2025-40539 [CRITICAL])
## CVE-2025-40539: Serv-U Managed File Transfer Server vulnerability analysis and mitigation
A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because services frequently run under less-privileged service accounts by default.
Source: NVD
Score: 7.2 (severity HIGH); CNA score: 9.1. Published February 24, 2026.
Affected technologies: Serv-U Managed File Transfer Server
Has public exploit: No. Has CISA KEV exploit: No (CISA KEV release date N/A, due date N/A).
EPSS: probability 0.1, percentile 21.2
Affected pac
Wiz: CVE-2025-40541 Impact, Exploitability, and Mitigation Steps (blogs_wiz, CVSS 9.1, CVE-2025-40541 [CRITICAL])
## CVE-2025-40541: Serv-U Managed File Transfer Server vulnerability analysis and mitigation
An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute native code as a privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because services frequently run under less-privileged service accounts by default.
Source: NVD
Score: 7.2 (severity HIGH); CNA score: 9.1. Published February 24, 2026.
Affected technologies: Serv-U Managed File Transfer Server
Has public exploit: No. Has CISA KEV exploit: No (CISA KEV release date N/A, due date N/A).
EPSS percentile: 0.9
Exploitation Probability (EPSS)
Published: 2026-02-24