Unrated severityCISA KEVNVD Advisory· Published Jul 14, 2021· Updated Oct 21, 2025

Serv-U Remote Memory Escape Vulnerability

CVE-2021-35211

Description

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.

Affected products

SolarWinds/Serv-U Managed File Transfer Server and Serv-U Secured FTPv5
Range: SolarWinds Serv-U

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploitmitrex_refsource_MISC
www.solarwinds.com/trust-center/security-advisories/cve-2021-35211mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.075
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.060