CVE-2025-40549
published 2025-11-18CVE-2025-40549: A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute…
PriorityP355critical9.1CVSS 3.1
AVNACLPRHUINSCCHIHAH
EPSS
0.98%
57.9th percentile
A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory.
This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_shim-unsigned-aarch64_15.4-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_shim-unsigned-aarch64_15.8-5_on_azure_linux_3.0 | — | — |
| msrc | azl3_shim-unsigned-x64_15.4-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_shim-unsigned-x64_15.8-5_on_azure_linux_3.0 | — | — |
| msrc | azl3_shim_15.4-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_shim_15.8-5_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_shim-unsigned-aarch64_15-5_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_shim-unsigned-x64_15.4-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_shim-unsigned-x64_15.8-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_shim_15.4-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_shim_15.8-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| solarwinds | serv-u | < 15.5.3 | 15.5.3 |
| solarwinds | serv-u | — | — |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
vendor_msrc5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hw4c-cmmg-hp4c: A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to
ghsa_unreviewed·2025-11-18
CVE-2025-40549 [CRITICAL] CWE-22 GHSA-hw4c-cmmg-hp4c: A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to
A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory.
This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled.
Microsoft
Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file
vendor_msrc·2024-01-09·CVSS 5.5
CVE-2023-40549 [MEDIUM] CWE-125 Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file
Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
redhat: redhat
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Ref
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-40540 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2025-40540 [CRITICAL] CVE-2025-40540 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40540 :
Serv-U Managed File Transfer Server vulnerability analysis and mitigation
A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
Source : NVD
## 7.2
Score
Published February 24, 2026
Severity HIGH
CNA Score 9.1
Affected Technologies
Serv-U Managed File Transfer Server
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.2
Exploitation Probability (EPSS) 0.1
Affected pac
Wiz
CVE-2025-40538 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2025-40538 [CRITICAL] CVE-2025-40538 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40538 :
Serv-U Managed File Transfer Server vulnerability analysis and mitigation
A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
Source : NVD
## 7.2
Score
Published February 24, 2026
Severity HIGH
CNA Score 9.1
Affected Technologies
Serv-U Managed File Transfer Server
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probabili
Wiz
CVE-2025-40539 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2025-40539 [CRITICAL] CVE-2025-40539 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40539 :
Serv-U Managed File Transfer Server vulnerability analysis and mitigation
A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
Source : NVD
## 7.2
Score
Published February 24, 2026
Severity HIGH
CNA Score 9.1
Affected Technologies
Serv-U Managed File Transfer Server
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.2
Exploitation Probability (EPSS) 0.1
Affected pac
Wiz
CVE-2025-40541 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2025-40541 [CRITICAL] CVE-2025-40541 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40541 :
Serv-U Managed File Transfer Server vulnerability analysis and mitigation
An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
Source : NVD
## 7.2
Score
Published February 24, 2026
Severity HIGH
CNA Score 9.1
Affected Technologies
Serv-U Managed File Transfer Server
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.9
Exploitation Probability (EPSS)
2025-11-18
Published