Four newly disclosed critical CVEs could allow attackers to create privileged accounts and execute arbitrary code, and they reinforce SolarWinds’ status as a high-value target.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

SolarWinds has patched four critical CVEs in its Serv-U managed file transfer server, all rated at the highest severity. The vulnerabilities—including broken access control and type confusion flaws—could allow attackers with existing admin access to create privileged accounts, execute arbitrary code as root, deploy malware, and pivot laterally across environments. Security experts urge immediate patching, log review for prior exploitation, and treating any compromise as a full-system incident. The disclosures continue a pattern of high-severity findings across SolarWinds products, reinforcing the company's status as a high-value target for both criminal and nation-state actors.

New Serv-U bugs extend SolarWinds’ run of high-severity disclosures