Jump to the main content block
  1. Home
  2. Information Security
  3. Vulnerability Alert

【Vulnerability Alert】Three critical security vulnerabilities (CVE-2025-40547) (CVE-2025-40548) (CVE-2025-40549) have been identified in SolarWinds Serv-U software.

publish date : 2025-11-21 update date : 2025-11-21

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2025111903113535 Publication Time 2025/11/19 15:04
Incident Type ANA-Vulnerability Alert Discovery Time 2025/11/19 15:04
Impact Level Low  
[Subject]
【Vulnerability Alert】Three critical security vulnerabilities (CVE-2025-40547) (CVE-2025-40548) (CVE-2025-40549) have been identified in SolarWinds Serv-U software.

[Content]
Forwarded from TWCERTCC-200-202511-00000016

SolarWinds Serv-U is a server software designed for secure file transfer, supporting multiple protocols such as FTP, FTPS, and SFTP. It offers an easy-to-use management interface and supports cross-platform and cross-device access. Recently, SolarWinds announced that its Serv-U product contains three critical security vulnerabilities.

【CVE-2025-40547, CVSS: 9.1】 This is a logic error vulnerability that may allow an attacker with administrator privileges to execute code.

【CVE-2025-40548, CVSS: 9.1】 This is a missing validation process vulnerability that may allow an attacker with administrator privileges to execute code.

【CVE-2025-40549, CVSS: 9.1】 This is a path restriction bypass vulnerability that may allow an attacker with administrator privileges to execute code within directories.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
SolarWinds Serv-U version 15.5.2.2.102
[Recommended Actions]
Please update to the following version: SolarWinds Serv-U version 15.5.3.
[Reference]
https://www.twcert.org.tw/tw/cp-169-10519-a28f7-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center
Click Num:
Print