certfr_avis - certfr-2025-avi-1020

CERTFR-2025-AVI-1020

Vulnerability from certfr_avis - Published: 2025-11-19 - Updated: 2025-11-19

De multiples vulnérabilités ont été découvertes dans les produits SolarWinds. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	SolarWinds	Observability Self-Hosted	Observability Self-Hoste versions antérieures à 2025.4
	SolarWinds	Serv-U	SolarWinds versions antérieures à 15.5.2.2.102

References

Title

Publication Time

Tags

Bulletin de sécurité SolarWinds cve-2025-40548	2025-11-18	vendor-advisory
Bulletin de sécurité SolarWinds cve-2025-40549	2025-11-18	vendor-advisory
Bulletin de sécurité SolarWinds cve-2025-26391	2025-11-18	vendor-advisory
Bulletin de sécurité SolarWinds cve-2025-40547	2025-11-18	vendor-advisory
Bulletin de sécurité SolarWinds cve-2025-40545	2025-11-18	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Observability Self-Hoste  versions ant\u00e9rieures \u00e0 2025.4",
      "product": {
        "name": "Observability Self-Hosted",
        "vendor": {
          "name": "SolarWinds",
          "scada": false
        }
      }
    },
    {
      "description": "SolarWinds versions ant\u00e9rieures \u00e0 15.5.2.2.102",
      "product": {
        "name": "Serv-U",
        "vendor": {
          "name": "SolarWinds",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-40548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40548"
    },
    {
      "name": "CVE-2025-26391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26391"
    },
    {
      "name": "CVE-2025-40545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40545"
    },
    {
      "name": "CVE-2025-40547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40547"
    },
    {
      "name": "CVE-2025-40549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40549"
    }
  ],
  "initial_release_date": "2025-11-19T00:00:00",
  "last_revision_date": "2025-11-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1020",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SolarWinds. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SolarWinds",
  "vendor_advisories": [
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2025-40548",
      "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40548"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2025-40549",
      "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40549"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2025-26391",
      "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26391"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2025-40547",
      "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40547"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 SolarWinds cve-2025-40545",
      "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40545"
    }
  ]
}

CVE-2025-40548 (GCVE-0-2025-40548)

Vulnerability from cvelistv5 – Published: 2025-11-18 08:38 – Updated: 2025-11-19 04:55

Summary

A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-269 - Improper Privilege Management

Assigner

SolarWinds

References

URL

Tags

	https://www.solarwinds.com/trust-center/security-…
	https://documentation.solarwinds.com/en/success_c…

Impacted products

	Vendor	Product	Version
	SolarWinds	Serv-U	Affected: SolarWinds Serv-U 15.5.2 and prior versions

Credits

SolarWinds would like to thank researchers working with Intigriti on our bug bounty program

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40548",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-18T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T04:55:22.266Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "Linux"
          ],
          "product": "Serv-U",
          "vendor": "SolarWinds",
          "versions": [
            {
              "status": "affected",
              "version": "SolarWinds Serv-U 15.5.2 and prior versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "SolarWinds would like to thank researchers working with Intigriti on our bug bounty program"
        }
      ],
      "datePublic": "2025-11-18T14:14:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. \u003cbr\u003e\u003cbr\u003eThis issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. \u003cbr\u003e"
            }
          ],
          "value": "A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. \n\nThis issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T08:38:19.354Z",
        "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "shortName": "SolarWinds"
      },
      "references": [
        {
          "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40548"
        },
        {
          "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-3_release_notes.htm"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.5.3 as soon as it becomes available.\u003cbr\u003e"
            }
          ],
          "value": "SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.5.3 as soon as it becomes available."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SolarWinds Serv-U Broken Access Control - Remote Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
    "assignerShortName": "SolarWinds",
    "cveId": "CVE-2025-40548",
    "datePublished": "2025-11-18T08:38:19.354Z",
    "dateReserved": "2025-04-16T08:01:25.942Z",
    "dateUpdated": "2025-11-19T04:55:22.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40545 (GCVE-0-2025-40545)

Vulnerability from cvelistv5 – Published: 2025-11-18 08:55 – Updated: 2025-11-18 21:42

Summary

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

Severity ?

4.8 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Assigner

SolarWinds

References

URL

Tags

	https://www.solarwinds.com/trust-center/security-…
	https://documentation.solarwinds.com/en/success_c…

Impacted products

	Vendor	Product	Version
	SolarWinds	SolarWinds Observability Self-Hosted	Affected: SolarWinds Observability Self-Hosted 2025.4 and prior versions

Credits

Frédéric Goossens

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40545",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-18T21:40:42.477954Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-18T21:42:35.078Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows"
          ],
          "product": "SolarWinds Observability Self-Hosted",
          "vendor": "SolarWinds",
          "versions": [
            {
              "status": "affected",
              "version": "SolarWinds Observability Self-Hosted 2025.4 and prior versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Fr\u00e9d\u00e9ric Goossens"
        }
      ],
      "datePublic": "2025-11-18T14:28:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.  \u003cbr\u003e"
            }
          ],
          "value": "SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-159",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-159 Redirect Access to Libraries"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T08:55:52.919Z",
        "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "shortName": "SolarWinds"
      },
      "references": [
        {
          "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40545"
        },
        {
          "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2025-4-1_release_notes.htm"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "SolarWinds recommends that customers upgrade to SolarWinds Observability Self-Hosted 2025.4 SR1 \u003cbr\u003e"
            }
          ],
          "value": "SolarWinds recommends that customers upgrade to SolarWinds Observability Self-Hosted 2025.4 SR1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SolarWinds Observability Self-Hosted Open Redirection Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
    "assignerShortName": "SolarWinds",
    "cveId": "CVE-2025-40545",
    "datePublished": "2025-11-18T08:55:52.919Z",
    "dateReserved": "2025-04-16T08:01:25.942Z",
    "dateUpdated": "2025-11-18T21:42:35.078Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40549 (GCVE-0-2025-40549)

Vulnerability from cvelistv5 – Published: 2025-11-18 08:41 – Updated: 2025-11-19 04:55

Summary

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

SolarWinds

References

URL

Tags

	https://www.solarwinds.com/trust-center/security-…
	https://documentation.solarwinds.com/en/success_c…

Impacted products

	Vendor	Product	Version
	SolarWinds	Serv-U	Affected: SolarWinds Serv-U 15.5.2 and prior versions

Credits

Maurice Moss

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40549",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-18T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T04:55:21.438Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "Linux"
          ],
          "product": "Serv-U",
          "vendor": "SolarWinds",
          "versions": [
            {
              "status": "affected",
              "version": "SolarWinds Serv-U 15.5.2 and prior versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Maurice Moss"
        }
      ],
      "datePublic": "2025-11-18T14:19:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. \u003cbr\u003e\u003cbr\u003eThis issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled. \u003cbr\u003e"
            }
          ],
          "value": "A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. \n\nThis issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-253",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-253 Remote Code Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T08:41:24.582Z",
        "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "shortName": "SolarWinds"
      },
      "references": [
        {
          "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40549"
        },
        {
          "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-3_release_notes.htm"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.5.3 as soon as it becomes available.\n\n\u003cbr\u003e"
            }
          ],
          "value": "SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.5.3 as soon as it becomes available."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SolarWinds Serv-U Path Restriction Bypass Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
    "assignerShortName": "SolarWinds",
    "cveId": "CVE-2025-40549",
    "datePublished": "2025-11-18T08:41:24.582Z",
    "dateReserved": "2025-04-16T08:01:25.942Z",
    "dateUpdated": "2025-11-19T04:55:21.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40547 (GCVE-0-2025-40547)

Vulnerability from cvelistv5 – Published: 2025-11-18 08:35 – Updated: 2025-11-19 04:55

Summary

A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-116 - Improper Encoding or Escaping of Output

Assigner

SolarWinds

References

URL

Tags

	https://www.solarwinds.com/trust-center/security-…
	https://documentation.solarwinds.com/en/success_c…

Impacted products

	Vendor	Product	Version
	SolarWinds	Serv-U	Affected: SolarWinds Serv-U 15.5.2 and prior versions

Credits

SolarWinds would like to thank researchers working with Intigriti on our bug bounty program

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40547",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-18T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T04:55:23.020Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "Linux"
          ],
          "product": "Serv-U",
          "vendor": "SolarWinds",
          "versions": [
            {
              "status": "affected",
              "version": "SolarWinds Serv-U 15.5.2 and prior versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "SolarWinds would like to thank researchers working with Intigriti on our bug bounty program"
        }
      ],
      "datePublic": "2025-11-18T14:05:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. \u003cbr\u003e\u003cbr\u003eThis issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. \u003cbr\u003e"
            }
          ],
          "value": "A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. \n\nThis issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-253",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-253 Remote Code Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "CWE-116 Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T08:35:03.970Z",
        "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "shortName": "SolarWinds"
      },
      "references": [
        {
          "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40547"
        },
        {
          "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-3_release_notes.htm"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.5.3 as soon as it becomes available.\n\n\u003cbr\u003e"
            }
          ],
          "value": "SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.5.3 as soon as it becomes available."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SolarWinds Serv-U Logic Abuse - Remote Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
    "assignerShortName": "SolarWinds",
    "cveId": "CVE-2025-40547",
    "datePublished": "2025-11-18T08:35:03.970Z",
    "dateReserved": "2025-04-16T08:01:25.942Z",
    "dateUpdated": "2025-11-19T04:55:23.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-26391 (GCVE-0-2025-26391)

Vulnerability from cvelistv5 – Published: 2025-11-18 08:53 – Updated: 2025-11-18 21:02

Summary

SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

SolarWinds

References

URL

Tags

	https://www.solarwinds.com/trust-center/security-…
	https://documentation.solarwinds.com/en/success_c…

Impacted products

	Vendor	Product	Version
	SolarWinds	SolarWinds Observability Self-Hosted	Affected: SolarWinds Observability Self-Hosted 2025.4 and prior versions

Credits

KPN REDteam

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26391",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-18T21:02:37.387910Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-18T21:02:45.370Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows"
          ],
          "product": "SolarWinds Observability Self-Hosted",
          "vendor": "SolarWinds",
          "versions": [
            {
              "status": "affected",
              "version": "SolarWinds Observability Self-Hosted 2025.4 and prior versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "KPN REDteam"
        }
      ],
      "datePublic": "2025-11-18T14:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account.  \u003cbr\u003e"
            }
          ],
          "value": "SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T08:53:01.036Z",
        "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "shortName": "SolarWinds"
      },
      "references": [
        {
          "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26391"
        },
        {
          "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2025-4-1_release_notes.htm"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "SolarWinds recommends that customers upgrade to SolarWinds Observability Self-Hosted 2025.4 SR1\u003cbr\u003e"
            }
          ],
          "value": "SolarWinds recommends that customers upgrade to SolarWinds Observability Self-Hosted 2025.4 SR1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SolarWinds Observability Self-Hosted XSS Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
    "assignerShortName": "SolarWinds",
    "cveId": "CVE-2025-26391",
    "datePublished": "2025-11-18T08:53:01.036Z",
    "dateReserved": "2025-02-08T00:19:09.394Z",
    "dateUpdated": "2025-11-18T21:02:45.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2025-AVI-1020

Solutions

CVE-2025-40548 (GCVE-0-2025-40548)

CVE-2025-40545 (GCVE-0-2025-40545)

CVE-2025-40549 (GCVE-0-2025-40549)

CVE-2025-40547 (GCVE-0-2025-40547)

CVE-2025-26391 (GCVE-0-2025-26391)

Tags

Sightings

Nomenclature