CVE-2021-35250

HIGH EXPLOITED NUCLEI

SolarWinds Serv-U 15.3 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-35250 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including rissor41. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository provides a technical writeup and proof-of-concept for CVE-2021-35250, a directory traversal vulnerability in SolarWinds Serv-U version 15.3.0.X. The author describes the vulnerability, its exploitation method, and includes screenshots demonstrating the attack.

Description

A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.

Exploits (1)

nomisec WRITEUP 8 stars
by rissor41 · infoleak
https://github.com/rissor41/SolarWinds-CVE-2021-35250

This repository provides a technical writeup and proof-of-concept for CVE-2021-35250, a directory traversal vulnerability in SolarWinds Serv-U version 15.3.0.X. The author describes the vulnerability, its exploitation method, and includes screenshots demonstrating the attack.

Classification
Writeup 80%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: SolarWinds Serv-U v15.3.0.X
No auth needed
Prerequisites: Access to the target Serv-U instance · Knowledge of file paths on the target system
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

SolarWinds Serv-U 15.3 - Directory Traversal
HIGHby johnk3r,pdteam
Shodan: product:"Rhinosoft Serv-U httpd" || product:"rhinosoft serv-u httpd"

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.1353
EPSS Percentile 96.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-12-24
CWE
CWE-22
Status published
Products (1)
solarwinds/serv-u 15.3
Published Apr 25, 2022
Tracked Since Feb 18, 2026