CVE-2025-40547

Name of the Vulnerable Software and Affected Versions Serv-U versions 15.5.2 and prior Serv-U versions prior to 15.5.3

Description A logic error exists in Serv-U that, when exploited, could allow an attacker with administrative privileges to execute code. The issue requires administrative access to abuse. On Windows systems, the risk is considered medium because services often run with limited privileges. This vulnerability alters the expected execution flow within the application, potentially leading to a security breach. The vulnerability is a post-authentication privilege escalation vector, potentially enabling lateral movement.

Recommendations Serv-U versions 15.5.2 and prior: Update to version 15.5.3 or later. Serv-U versions prior to 15.5.3: Update to version 15.5.3 or later.