CVE-2025-40549

Name of the Vulnerable Software and Affected Versions Serv-U versions prior to 15.5.3

Description A Path Restriction Bypass exists in Serv-U that allows a malicious actor with administrative privileges to execute code on a directory. This requires administrative privileges to exploit. On Windows systems, the issue is considered medium in severity due to differences in how paths and home directories are handled, while Linux systems are critically affected. The vulnerability involves bypassing directory access restrictions to achieve remote code execution.

Recommendations Serv-U versions prior to 15.5.3 should be updated.