CVE-2025-40540

Name of the Vulnerable Software and Affected Versions Serv-U (affected versions not specified)

Description A type confusion issue exists in Serv-U, potentially allowing a malicious actor to execute arbitrary native code with privileged account privileges. Exploitation requires administrative privileges. On Windows systems, the risk is considered medium because services often run under less-privileged service accounts by default. The vulnerability involves a type confusion, which can lead to the execution of arbitrary native code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.