SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution.
The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below –
CVE-2025-40538 – A broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary
Source: https://thehackernews.com/2026/02/solarwinds-patches-4-critical-serv-u.html