SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution.
The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below -

CVE-2025-40538 - A broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/02/solarwinds-patches-4-critical-serv-u.html