Saved February 14, 2026
Do you care about this?
SolarWinds released patches for three critical vulnerabilities in its Serv-U file transfer solution. One flaw allows attackers with admin privileges to execute arbitrary code, posing significant risks to affected systems. The vulnerabilities are listed in CISA's Known Exploited Vulnerabilities catalog.
If you do, here's more
SolarWinds has released patches for three critical vulnerabilities in its Serv-U file transfer software. One major flaw, identified as CVE-2025-40549, allows a threat actor with administrator rights to bypass path restrictions and execute arbitrary code in a directory. This vulnerability has a medium severity rating on Windows due to differences in path and home directory handling. Another issue, CVE-2025-40548, involves broken access control, which also enables an attacker with admin privileges to run arbitrary code.
The vulnerabilities are part of a broader list managed by CISA, which currently includes seven known flaws in SolarWinds products, affecting various services like Web Help Desk and Orion. SolarWinds has faced scrutiny in the past for security issues, highlighting the importance of these patches. The cybersecurity community remains vigilant, as these vulnerabilities could be exploited by malicious actors if not addressed promptly.