Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Serv-U — Vulnerabilities & Security Advisories 18

All 18 CVE vulnerabilities found in Serv-U, with AI-generated Chinese analysis, references, and POCs.

This page provides a comprehensive aggregation of Common Weakness Enumeration (CWE) vulnerabilities associated with the Serv-U product from the vendor SolarWinds. It serves as a centralized resource for security professionals and administrators to analyze the specific weakness types affecting this file transfer solution, including remote code execution, privilege escalation, and cross-site scripting issues. The content collects vulnerability data covering a broad historical timeline, starting from early releases up to recent updates, ensuring that both legacy and modern security incidents are documented. This temporal breadth allows users to observe how the threat landscape for Serv-U has evolved over time and identify patterns in the types of flaws introduced in different software versions. Here, readers can track vendor advisories to stay informed about official patch releases and remediation strategies. The page also facilitates a deeper understanding of specific weakness classes by detailing how they manifest within the Serv-U environment, offering context on attack vectors and potential impacts. Furthermore, users can look up the product’s vulnerability history to assess the overall security posture of their deployment, compare past incidents, and prioritize security audits based on the frequency and severity of reported issues. This structured approach supports informed decision-making for maintaining a secure infrastructure while relying on Serv-U for file management tasks.

Vendor: SolarWinds

CVE IDTitleCVSSSeverityPublished
CVE-2026-28318 SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability CWE-400 7.5 High2026-06-04
CVE-2025-40541 SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability CWE-704 9.1 Critical2026-02-24
CVE-2025-40540 SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability CWE-704 9.1 Critical2026-02-24
CVE-2025-40539 SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability CWE-704 9.1 Critical2026-02-24
CVE-2025-40538 SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability CWE-269 9.1 Critical2026-02-24
CVE-2025-40549 SolarWinds Serv-U Path Restriction Bypass Vulnerability CWE-22 9.1 Critical2025-11-18
CVE-2025-40548 SolarWinds Serv-U Broken Access Control - Remote Code Execution Vulnerability CWE-269 9.1 Critical2025-11-18
CVE-2025-40547 SolarWinds Serv-U Logic Abuse - Remote Code Execution Vulnerability CWE-116 9.1 Critical2025-11-18
CVE-2024-45712 SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability CWE-79 2.6 Low2025-04-15
CVE-2024-45711 SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability CWE-22 7.5 High2024-10-16
CVE-2024-45714 SolarWinds Serv-U Stored XSS Vulnerability CWE-79 4.8 Medium2024-10-16
CVE-2024-28072 Arbitrary File Overwrite Vulnerability CWE-532 5.7 Medium2024-05-03
CVE-2023-40053 HTML injection Vulnerability in Serv-U 15.4 CWE-20 5.0 Medium2023-12-06
CVE-2023-40060 2FA/MFA Bypass Vulnerability in Serv-U 15.4 and 15.4 Hotfix 1 CWE-284 7.2 High2023-09-07
CVE-2021-35249 Domain Admin Broken Access Control CWE-284 4.3 Medium2022-05-17
CVE-2021-35250 Directory Transversal Vulnerability in Serv-U 15.3 CWE-22 7.5 High2022-04-25
CVE-2021-35247 Improper Input Validation Vulnerability in Serv-U CWE-20 4.3 Medium2022-01-07
CVE-2021-35223 Execute Command Function Allows Remote Code Execution (RCE)Vulnerability CWE-20 8.5 High2021-08-31

All 18 known CVE vulnerabilities affecting Serv-U with full Chinese analysis, references, and POCs where available.