SolarWinds Serv-U vulnerabilities
40 known vulnerabilities affecting solarwinds/serv-u.

Summary
Total CVEs: 40
CISA KEV: 4 (actively exploited)
Public exploits: 4
Exploited in wild: 5
Severity breakdown: CRITICAL 5, HIGH 20, MEDIUM 15

Vulnerabilities (page 1 of 2)
CVE-2021-35211 | P1 | CRITICAL | CVSS 10.0 | CWE-787 | KEV | PoC | Ransomware | Fixed in 15.2.3 | Affected: v15.2.3 | 2021-07-14
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affe…
Source: NVD
CVE-2024-28995 | P1 | HIGH | CVSS 7.5 | CWE-22 | KEV | PoC | Fixed in 15.4.2 | Affected: v15.4.2 | 2024-06-06
SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine.
Source: NVD
CVE-2026-28318 | P1 | HIGH | CVSS 7.5 | CWE-400 | KEV | PoC | Fixed in 15.5.4 | Affected: v15.5.4 (+1 more) | 2026-06-04
SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update.
Source: NVD
CVE-2021-35247 | P2 | MEDIUM | CVSS 5.3 | CWE-20 | KEV | Fixed in 15.3 | Affected: ≥ 15.2.5 and previous versions, < 15.3 | 2022-01-10
The Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please note: no downstream effect has been detected, as the LDAP servers ignored improper characters. To ensure proper input validation is completed i…
Source: NVD
CVE-2021-35250 | P1 | HIGH | CVSS 7.5 | CWE-22 | Exploited | PoC | Version: v15.3 | Affected: ≥ 15.3 only, < 15.3 Hotfix 1 | 2022-04-25
A researcher reported a directory traversal vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.
Source: NVD
CVE-2024-45711 | P2 | HIGH | CVSS 8.8 | CWE-22 | Fixed in 15.5 | Affected: Serv-U 15.4.2 HF 2 and previous versions | 2024-10-16
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and is present when software environment variables are abused. Authentication is required for this vulnerability.
Source: NVD
CVE-2020-35481 | P2 | CRITICAL | CVSS 9.8 | Fixed in 15.2.2 | 2021-02-03
SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.
Source: NVD
CVE-2021-35223 | P3 | HIGH | CVSS 8.8 | CWE-20 | Fixed in 15.2.4 | Affected: ≥ 15.2.3 and previous versions, ≤ 15.2.4 | 2021-08-31
The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.
Source: NVD
CVE-2025-40548 | P3 | CRITICAL | CVSS 9.1 | CWE-269 | Fixed in 15.5.3 | Affected: SolarWinds Serv-U 15.5.2 and prior versions | 2025-11-18
A missing validation process exists in Serv-U that, when abused, could give a malicious actor with access to admin privileges the ability to execute code.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because services frequently run under less-privileged service accounts by default.
Source: NVD
CVE-2025-40549 | P3 | CRITICAL | CVSS 9.1 | CWE-22 | Fixed in 15.5.3 | Affected: SolarWinds Serv-U 15.5.2 and prior versions | 2025-11-18
A path restriction bypass vulnerability exists in Serv-U that, when abused, could give a malicious actor with access to admin privileges the ability to execute code in a directory.
This issue requires administrative privileges to abuse. On Windows systems, this is scored as medium due to differences in how paths and home directories are handled.
Source: NVD
CVE-2025-40547 | P3 | CRITICAL | CVSS 9.1 | CWE-116 | Fixed in 15.5.3 | Affected: SolarWinds Serv-U 15.5.2 and prior versions | 2025-11-18
A logic error vulnerability exists in Serv-U which, when abused, could give a malicious actor with access to admin privileges the ability to execute code.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because services frequently run under less-privileged service accounts by default.
Source: NVD
CVE-2025-40538 | P3 | HIGH | CVSS 7.2 | CWE-269 | Fixed in 15.5.4 | Affected: SolarWinds Serv-U 15.5.3 and prior versions | 2026-02-24
A broken access control vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium bec…
Source: NVD
CVE-2025-40539 | P3 | HIGH | CVSS 7.2 | CWE-704 | Fixed in 15.5.4 | Affected: SolarWinds Serv-U 15.5.3 and prior versions | 2026-02-24
A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because services frequently run under less-privileged service accounts by defau…
Source: NVD
CVE-2025-40540 | P3 | HIGH | CVSS 7.2 | CWE-704 | Fixed in 15.5.4 | Affected: SolarWinds Serv-U 15.5.3 and prior versions | 2026-02-24
A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because services frequently run under less-privileged service accounts by defau…
Source: NVD
CVE-2025-40541 | P3 | HIGH | CVSS 7.2 | CWE-704 | Fixed in 15.5.4 | Affected: SolarWinds Serv-U 15.5.3 and prior versions | 2026-02-24
An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute native code as a privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because services frequently run under less-privileged servic…
Source: NVD
CVE-2023-35179 | P3 | HIGH | CVSS 7.2 | CWE-284 | Version: v15.4.0 | Affected: v15.4 | 2023-08-11
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action.
Source: NVD
CVE-2023-40060 | P3 | HIGH | CVSS 7.2 | CWE-284 | Version: v15.4.0 | Affected: ≥ 15.4, ≤ 15.4 Hotfix 1 | 2023-09-07
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action.
15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1.
Source: NVD
CVE-2021-3154 | P3 | HIGH | CVSS 7.5 | Fixed in 15.2.2 | 2021-05-04
An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro injection. NOTE: this had a distinct fix relative to CVE-2020-35481.
Source: NVD
CVE-2024-28073 | P3 | HIGH | CVSS 7.2 | CWE-22 | Fixed in 15.4.2 | 2024-04-17
SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited.
Source: NVD
CVE-2021-35242 | P3 | HIGH | CVSS 8.8 | CWE-352 | Fixed in 15.2.5 | 2021-12-06
The Serv-U server responds with a valid CSRFToken when the request contains only Session.
Source: NVD