SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution.
The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below –

CVE-2025-40538 – A broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary