CVE-2024-45712: 
Serv-U Managed File Transfer Server vulnerability analysis and mitigation

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability, identified as CVE-2024-45712. The vulnerability was discovered and disclosed on April 15, 2025, affecting SolarWinds Serv-U version 15.5 and earlier versions. This security issue has been assigned a low severity rating (SolarWinds Advisory, NVD).

The vulnerability is classified as a client-side cross-site scripting (XSS) issue, categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability has been assigned a CVSS v3.1 base score of 2.6 (Low) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N, indicating network accessibility with high attack complexity, requiring low privileges and user interaction (NVD).

The impact of this vulnerability is considered low as it can only be exploited under specific conditions. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session (Serv-U Release Notes).

SolarWinds has addressed this vulnerability in Serv-U version 15.5.1. Users are advised to upgrade to this latest version to mitigate the security risk (Serv-U Release Notes).