CVE-2025-40540 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: February 24, 2026
Serv-U - Code Execution & Privilege Escalation
Overview
Serv-U contains a type confusion vulnerability that allows attackers with administrative privileges to execute arbitrary native code as a privileged account.
Severity & Score
Impact
Attackers with administrative privileges can execute arbitrary code with elevated privileges, potentially compromising the entire system.
Mitigation
Update Serv-U to the latest version to address the type confusion vulnerability.
References
Social Media Activity(1 post)
latest SolarWinds CVEs.. all critical lmao.. patch patch patch! CVE-2025-40538 - Improper Privilege Management CVE-2025-40539 - Incorrect Type Conversion or Cast CVE-2025-40540 - Incorrect Type Conversion or Cast CVE-2025-40541 - Incorrect Type Conversion or Cast & Authorization Bypass Through User-Controlled Key SolarWinds Serv-U 15.5.3 and prior versions https://hecate.pw/vulnerabilities?search=vendors%3A%22SolarWinds%22+AND+published%3A%3E%3D2026-02-22&mode=dql #vulnerability #security #solarwinds
View original postRelated Resources
Details
- CVE ID
- CVE-2025-40540
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- undefined
- Status
- confirmed
- EPSS
- 4.8%
- Social Posts
- 1
CWE
- CWE-704
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H