【資安漏洞預警】SolarWinds旗下Serv-U軟體存在4個重大資安漏洞

【行政公告】

公告單位	圖資處數位服務組
訊息類別	行政公告行政公告	公告對象	全體
公告主題	【資安漏洞預警】SolarWinds旗下Serv-U軟體存在4個重大資安漏洞 [Security Vulnerability Alert] SolarWinds' Serv-U software has four major cybersecurity vulnerabilities.
公告內容	轉發台灣電腦網路危機處理暨協調中心資安訊息警訊 TWCERTCC-200-202602-00000015 [內容說明] SolarWinds Serv-U是一款用於安全文件傳輸的伺服器軟體，支援FTP、FTPS、SFTP等多種協議，具備易用的管理介面，並支援跨平台與跨裝置存取等功能。日前，SolarWinds發布旗下產品Serv-U存在4個重大資安漏洞。【CVE-2025-40538，CVSS：9.1】此為存取控制漏洞，允許攻擊者建立系統管理員，並透過網域管理員或群組管理員權限，以特權帳號身分執行任意程式碼。【CVE-2025-40539，CVSS：9.1】此為類型混淆漏洞，允許攻擊者能以特權帳號身分執行任意本機程式碼。【CVE-2025-40540，CVSS：9.1】此為類型混淆漏洞，允許攻擊者能以特權帳號身分執行任意本機程式碼。【CVE-2025-40541，CVSS：9.1】此為不安全直接物件參考(IDOR)漏洞，允許攻擊者能以特權帳號身分執行任意本機程式碼。 [影響平台] SolarWinds Serv-U 15.5版本 [建議措施] 請更新至以下版本： SolarWinds Serv-U 15.5.4(含)之後版本 Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202602-00000015 [Content Description] SolarWinds Serv-U is a server software for secure file transfer, supporting multiple protocols such as FTP, FTPS, and SFTP. It features an easy-to-use management interface and supports cross-platform and cross-device access. Recently, SolarWinds released information that its Serv-U product contains four critical cybersecurity vulnerabilities. 【CVE-2025-40538, CVSS: 9.1】 This is an access control vulnerability that allows attackers to create a system administrator account and execute arbitrary code with privileged accounts through domain administrator or group administrator privileges. 【CVE-2025-40539, CVSS: 9.1】 This is a type obfuscation vulnerability that allows attackers to execute arbitrary native code with privileged accounts. 【CVE-2025-40540, CVSS: 9.1】This is a type obfuscation vulnerability that allows an attacker to execute arbitrary native code with a privileged account. 【CVE-2025-40541, CVSS: 9.1】This is an insecure direct object reference (IDOR) vulnerability that allows an attacker to execute arbitrary native code with a privileged account. [Affected Platforms] SolarWinds Serv-U version 15.5 [Recommended Actions] Please update to the following version: SolarWinds Serv-U 15.5.4 or later
相關訊息
公告時間	2026/3/10 至 2026/9/10	點閱次數	71