# Critical SolarWinds Serv-U Flaws Offer Root Access to Servers: A Cybersecurity Alert
In a recent security update, SolarWinds released patches for four critical remote code execution (RCE) vulnerabilities in its Serv-U software. These flaws, tracked as CVE-2025-40538, CVE-2024-28995, and two type confusion flaws, allow attackers who already hold high privileges to gain root access to unpatched servers. This highlights the ongoing threat landscape in cybersecurity, where organizations must remain vigilant against potential exploitation attempts.
The Serv-U software is used by various organizations for secure file transfer via FTP, SFTP, HTTP/S, and FTPS protocols. Its self-hosted nature makes it a prime target for hackers seeking to exploit vulnerabilities in data theft attacks. Over the last five years, groups such as the Clop gang have targeted Serv-U vulnerabilities, including CVE-2021-35211, which has been used in ransomware attacks.
According to Shodan, over 12,000 Internet-exposed Serv-U servers are currently being tracked, while estimates from Shadowserver suggest that fewer than 1,200 may be exposed. Either figure leaves room for widespread exploitation if attackers can chain privilege escalation vulnerabilities or use stolen admin credentials.
In a statement, SolarWinds emphasized the severity of these flaws: "A broken access control vulnerability exists in Serv-U which, when exploited, gives an attacker the ability to create a system admin user and execute arbitrary code as root via domain admin or group admin privileges." Exploitation is constrained, however, by the fact that these vulnerabilities require attackers to have high privileges on targeted servers.
The SolarWinds Serv-U path traversal flaw (CVE-2024-28995), actively exploited in June 2024, has been linked to threat actors using publicly available proof-of-concept exploits. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking nine SolarWinds security flaws that have either been or are still being exploited in the wild.
The incident serves as a reminder of the importance of maintaining up-to-date software, monitoring for vulnerabilities, and implementing robust cybersecurity measures to prevent data breaches. As the threat landscape continues to evolve, organizations must prioritize proactive security strategies to protect their systems from emerging threats.
In conclusion, the critical SolarWinds Serv-U flaws, which offer root access to servers, highlight the need for ongoing vigilance in the face of evolving cybersecurity threats. By prioritizing software updates, vulnerability monitoring, and robust security protocols, organizations can reduce the risk of exploitation attempts and safeguard sensitive data.
### Key Takeaways:
* Four critical remote code execution (RCE) vulnerabilities exist in SolarWinds Serv-U software.
* These flaws allow attackers who already hold high privileges to gain root access to unpatched servers.
* Over 12,000 Internet-exposed Serv-U servers are currently being tracked by Shodan.
* The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is tracking nine SolarWinds security flaws that have either been or are still being exploited in the wild.
### References:
* "SolarWinds Releases Patches for Critical Serv-U Vulnerabilities" - SolarWinds
* "U.S. Cybersecurity and Infrastructure Security Agency (CISA)" - CISA
* "Shodan Tracks Over 12,000 Internet-Exposed Serv-U Servers" - Shodan