Serv-U MFT
by SolarWinds
CVEs (39)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25276 | Hig | 0.46 | 7.1 | 0.00 | Feb 3, 2021 | In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a… | ||
| CVE-2020-27994 | Med | 0.43 | 6.5 | 0.04 | Feb 3, 2021 | SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal. | ||
| CVE-2018-10241 | Med | 0.42 | 6.5 | 0.02 | May 16, 2018 | A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring. | ||
| CVE-2021-35247 | Med | 0.40 | 4.3 | 0.03 | KEV | Jan 10, 2022 | Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers… | |
| CVE-2021-25179 | Med | 0.40 | 6.1 | 0.01 | May 5, 2021 | SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header. | ||
| CVE-2024-28072 | Med | 0.37 | 5.7 | 0.01 | May 3, 2024 | A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. | ||
| CVE-2022-38106 | Med | 0.35 | 5.4 | 0.01 | Dec 16, 2022 | This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. | ||
| CVE-2021-32604 | Med | 0.35 | 5.4 | 0.02 | May 11, 2021 | Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS." | ||
| CVE-2020-35482 | Med | 0.35 | 5.4 | 0.02 | Feb 3, 2021 | SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS. | ||
| CVE-2020-28001 | Med | 0.35 | 5.4 | 0.04 | Feb 3, 2021 | SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. | ||
| CVE-2023-40053 | Med | 0.33 | 5.0 | 0.01 | Dec 6, 2023 | A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | ||
| CVE-2024-45714 | Med | 0.31 | 4.8 | 0.01 | Oct 16, 2024 | Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. | ||
| CVE-2020-22428 | Med | 0.31 | 4.8 | 0.01 | May 5, 2021 | SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload. | ||
| CVE-2021-35249 | Med | 0.28 | 4.3 | 0.01 | May 17, 2022 | This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a… | ||
| CVE-2024-45712 | Low | 0.17 | 2.6 | 0.00 | Apr 15, 2025 | SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low. | ||
| CVE-2025-40541 | 0.00 | — | 0.01 | Feb 24, 2026 | An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is… | |||
| CVE-2025-40540 | 0.00 | — | 0.00 | Feb 24, 2026 | A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium… | |||
| CVE-2025-40539 | 0.00 | — | 0.00 | Feb 24, 2026 | A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium… | |||
| CVE-2025-40538 | 0.00 | — | 0.01 | Feb 24, 2026 | A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative… |
- risk 0.46cvss 7.1epss 0.00
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a…
- risk 0.43cvss 6.5epss 0.04
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.
- risk 0.42cvss 6.5epss 0.02
A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.
- risk 0.40cvss 4.3epss 0.03
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers…
- risk 0.40cvss 6.1epss 0.01
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.
- risk 0.37cvss 5.7epss 0.01
A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.
- risk 0.35cvss 5.4epss 0.01
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.
- risk 0.35cvss 5.4epss 0.02
Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."
- risk 0.35cvss 5.4epss 0.02
SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.
- risk 0.35cvss 5.4epss 0.04
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.
- risk 0.33cvss 5.0epss 0.01
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.
- risk 0.31cvss 4.8epss 0.01
Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload.
- risk 0.31cvss 4.8epss 0.01
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
- risk 0.28cvss 4.3epss 0.01
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a…
- risk 0.17cvss 2.6epss 0.00
SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low.
- CVE-2025-40541Feb 24, 2026risk 0.00cvss —epss 0.01
An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is…
- CVE-2025-40540Feb 24, 2026risk 0.00cvss —epss 0.00
A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium…
- CVE-2025-40539Feb 24, 2026risk 0.00cvss —epss 0.00
A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium…
- CVE-2025-40538Feb 24, 2026risk 0.00cvss —epss 0.01
A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative…
Page 2 of 2