Serv-U IDOR Enables Privileged Native Code Execution
CVE-2025-40541 Published on February 24, 2026

SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.

NVD

Vulnerability Analysis

CVE-2025-40541 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Incorrect Type Conversion or Cast

The software does not correctly convert an object, resource, or structure from one type to a different type.


Products Associated with CVE-2025-40541

Want to know whenever a new CVE is published for SolarWinds Serv U? stack.watch will email you.

SolarWinds Serv U
 

Affected Versions

SolarWinds Serv-U Version SolarWinds Serv-U 15.5.3 and prior versions is affected by CVE-2025-40541

Exploit Probability

EPSS
0.02%
Percentile
6.02%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.