Critical SolarWinds Serv-U flaws offer root access to servers
Bleeping Computer
by Sergiu Gatlan, February 24, 2026
AI-Generated Deep Dive Summary
SolarWinds has addressed four severe remote code execution vulnerabilities in its Serv-U file transfer software, potentially allowing attackers with high privileges to gain root access to unpatched servers. The most critical flaw, tracked as CVE-2025-40538, enables attackers to create a system admin user and execute arbitrary commands as root using domain or group admin permissions. Additionally, two type confusion flaws and an Insecure Direct Object Reference (IDOR) vulnerability were patched, all of which could be exploited for code execution with elevated privileges.
Serv-U is widely used by organizations for secure file transfers via FTP, SFTP, and HTTP/S protocols. Its popularity makes it a prime target for cyberattacks, as it often grants access to sensitive corporate data. Over the years, multiple hacking groups, including state-sponsored actors, have exploited Serv-U vulnerabilities in ransomware campaigns and data theft attacks. For instance, the Clop gang used a previous vulnerability (CVE-2021-35211) to breach networks, while Chinese hackers targeted another flaw in zero-day attacks.
The latest updates by SolarWinds are crucial for organizations relying on Serv-U. While the vulnerabilities require attackers to already have high privileges, they can still be exploited through privilege escalation or stolen admin credentials. Currently, thousands of exposed Serv-U servers remain vulnerable, as reported by Shodan and Shadowserver. These statistics highlight the urgent need for organizations to patch their systems immediately to prevent potential breaches.
The disclosure underscores the ongoing risks associated with unpatched file transfer software, particularly the exposure of sensitive corporate information. The U.S. CISA is actively monitoring nine SolarWinds flaws that either are being exploited or have been targeted in the wild. This situation emphasizes the importance of proactive security measures and timely updates to mitigate such vulnerabilities.
In conclusion, while Serv-U's vulnerabilities may not be easily exploitable without existing high privileges, their
Originally published on Bleeping Computer on 2/24/2026