KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

7.5

CVSS
High

CVE-2021-35250

PUBLISHED

Directory Transversal Vulnerability in Serv-U 15.3

Exploited in the wild PoC available Remote Low complexity No user interaction

Vendor: SolarWinds
Product: Serv-U
Published: Apr 25, 2022
EPSS: —

Description

A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.

windows nuclei_scanner

CVSS scores

CVSS v3.1 7.5 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2025-04-26 00:00:00 UTC · Source

Proof of concept available

Recorded 2023-04-13 05:13:38 UTC · Source

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
The Shadowserver (via CIRCL)	Apr 26, 2025

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-35250.yaml	Apr 25, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

rissor41/SolarWinds-CVE-2021-35250

github · Created 2023-04-13 05:13:38 UTC · 8 stars

Timeline

CVE ID Reserved

June 22, 2021
CVE Published to Public

April 25, 2022
Proof of Concept Exploit Available

April 13, 2023
Detected by Nuclei

April 25, 2025
Added to KEVIntel

April 26, 2025