Related vulnerability
Description
CVE-2025-40547
Introduction
# 🔒 CVE-2025-40547 — Critical SolarWinds Serv-U Vulnerability
## 🧩 **What Is It?**
A **logic-error vulnerability** in **SolarWinds Serv-U** (Windows & Linux) that allows **arbitrary code execution** — but only if the attacker already holds **administrator privileges** on the Serv-U instance.
* ⚠️ **CWE-116:** Improper Encoding / Escaping of Output
* 🛑 Affects **Serv-U 15.5.2 and earlier**
* ✅ Fixed in **Serv-U 15.5.3**
---
## 🚨 **Severity & CVSS Details**
* 🔥 **CVSS v3.1 Score:** **9.1 — Critical**
* 🌐 Attack Vector: **Network**
* 🎯 Attack Complexity: **Low**
* 🔑 Privileges Required: **High**
* 🙅 User Interaction: **None**
* 🔄 Scope: **Changed**
* 📂 Confidentiality: **High**
* 📌 Integrity: **High**
* 📉 Availability: **High**
Even though admin rights are needed, the Critical rating follows from the other metrics: Scope is **Changed** and Confidentiality, Integrity and Availability are all **High**, so a successful exploit reaches beyond the Serv-U application itself.
---
## 🖥️ **Affected Systems**
* Product: **SolarWinds Serv-U**
* Versions: **≤ 15.5.2**
* Platforms: **Windows & Linux**
---
## 🛠️ **Mitigation Steps**
🆙 **1. Update immediately** to **Serv-U 15.5.3** or later
🚫 **2. Limit admin access** — grant Serv-U administrator accounts only to trusted personnel
🌐 **3. Avoid exposing the Serv-U admin interface** to the Internet
🔐 **4. Enable MFA** for admin accounts
🧐 **5. Monitor logs** for suspicious administrative activity
👤 **6. Run Serv-U under a minimal-privilege service account**, especially on Windows, so that code executed through the flaw inherits as little as possible
---
## 💡 **Why This Matters**
Even though **admin access is required**, a compromised admin account or insider threat could use this flaw to gain **full system compromise**, making this patch **high priority** for all Serv-U deployments.
---
File snapshot
[4.0K] /data/pocs/b16cfb13945bc3c0508389d57612ce1b41bfac42
└── [1.6K] README.md
1 directory, 1 file
Notes
1. It is recommended to access the PoC through its original source first.
2. If the source is no longer available or cannot be reached, please email f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.