PT-2026-21671 · Serv-U · Serv-U

Published: 2026-02-24 · Updated: 2026-03-10 · CVE-2025-40541

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Serv-U versions 15.5.3 and earlier

Description: An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U. Exploiting this issue allows a malicious actor to execute native code as a privileged account; administrative privileges are required to abuse it. On Windows deployments, the risk is considered medium because the service often runs under a less-privileged service account. The vulnerability allows an attacker to access or manipulate objects directly by tampering with parameters or identifiers that are not subject to proper authorization checks.

Recommendations: Serv-U versions 15.5.3 and earlier should be updated to version 15.5.4 or later.

Tags: Fix · RCE · IDOR · Incorrect Type Conversion or Cast


Weakness Enumeration

Related Identifiers: CVE-2025-40541

Affected Products: Serv-U