Cyber Resilience

CVE-2021-35211

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 14 July 2021
Modified: 27 October 2025
KEV Added: 03 November 2021
Patch: 13 July 2021
CVSS Score v3.1: 9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.9432 (100.0th percentile)
Risk Priority: 95 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-35211 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in SolarWinds Serv-U. Its CVSS base score is 9.0 (Critical).

Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2021-35211 is a remote code execution vulnerability in SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows versions prior to 15.2.3 HF2. It stems from a Remote Memory Escape issue classified under CWE-787 that permits out-of-bounds memory access, allowing an attacker to execute arbitrary code on the affected host.

An unauthenticated remote attacker can exploit the flaw over the network to obtain privileged access to the Windows system running the Serv-U service. The CVSS 3.1 score of 9.0 reflects the combination of network attack vector, high complexity, and full impact on confidentiality, integrity, and availability within a changed scope.

Microsoft and SolarWinds advisories recommend immediate upgrade to version 15.2.3 HF2 or later. The vulnerability was used as a zero-day by a threat actor and is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active in-the-wild exploitation prior to public disclosure.

Vulnerability details

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

solarwinds
serv-u
15.2.3 · ≤ 15.2.3

Mitigating Controls (NIST 800-53 r5)

prevent

Directly requires timely application of the vendor patch (15.2.3 HF2) that eliminates the Remote Memory Escape flaw.

prevent

Enforces memory-protection mechanisms that block the out-of-bounds writes (CWE-787) used for RCE.

prevent

Restricts network exposure of the Serv-U service, reducing the attack surface for unauthenticated remote exploitation.
