Key Findings SolarWinds has patched four critical vulnerabilities in its Serv-U file transfer server software The flaws could allow remote code execution and give attackers full root access on unpatched systems The vulnerabilities include: CVE-2025-40538: Broken access control flaw allowing creation of admin user and arbitrary code execution as root CVE-2025-40539 and CVE-2025-40540: Type confusion vulnerabilities enabling arbitrary native code execution as root CVE-2025-4054
