In the era of ever-increasing security challenges, organizations expect their secure file -transfer platforms to not only function reliably, but to lead in security. These file transfer solutions should use engineering best practices, proactive security evaluations, frequent updates and more to ensure they stay ahead of attackers. Unfortunately, that’s not always what you get with established solutions.
In particular, if your organization still depends on SolarWinds Serv-U, it’s time to ask a hard question: Is your file-transfer platform a liability waiting to happen?
Recent disclosures show a pattern of high-to-critical vulnerabilities in the Serv-U solution. For example:
- In 2021, Serv-U had a pre-auth remote code execution (RCE) vulnerability via its SSH server in default configuration
- In June 2024, Serv-U was found vulnerable to a directory-traversal bug (CVE-2024-28995) that allowed unauthenticated attackers to access files outside of intended directories
- In November 2025, three remote code execution flaws (CVE-2025-40547 / -40548 / -40549) were published – rated CVSS 9.1 in Serv-U version 15.5.3
These are not “minor bugs” — these are high-severity, exploitable vulnerabilities in a product that organizations rely on for secure file exchange. Moreover, this reactive posture raises serious questions about the priority placed on internal testing and product improvement.
What risks do recurring vulnerabilities bring to your organization?
- Reactive patching means exposure windows: When vulnerabilities are patched after public discovery, organizations face risk between disclosure, patch and full deployment of the fix. The fact that Serv-U has had multiple high-severity issues suggests its user base may face ongoing exposure from as-yet-unpublished threats.
- Operational burden and risk of mis-deployment: Your team is busy. Every patch cycle is unexpected work on top of today’s goals. If your vendor is repeatedly issuing urgent patches, your operations team is pulled into firefighting mode rather than strategic work.
- Trust and vendor security culture: The vendor’s ability to anticipate, find and proactively mitigate vulnerabilities is a signal of its security maturity. A track record of reactive fixes suggests that security is not an organizational priority.
- Compliance and assurance implications: For sectors with high regulatory demand, such as government, healthcare and finance, data breach issues can cause contract breaches and customer retention challenges. Customers are right to question their exposure, and their choice of business partner, when repeated failures occur.
In short: if you’re still running Serv-U, you may be accepting higher residual risk than you realize.
Cerberus FTP Server: A stronger alternative for secure file transfer
Switching to a platform that takes security seriously can shift you from reactive mode to proactive protection. That is exactly where Cerberus FTP Server by Redwood comes in:
Key benefits of Cerberus FTP Server include:
- Security by design: Cerberus supports TLS 1.3, strong key exchange (Ephemeral DH), RSA/DSA/ECC and compliance with FIPS 140-2 certification. The Cerberus team continually updates its product to the latest ciphers, libraries and other security tooling to prevent exploitation.
- Proactive security posture: Cerberus FTP Server undergoes quarterly internal penetration testing plus annual third-party auditing, code reviews (both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST)), as well as Software Composition Analysis (SCA) to resolve risks in third-party libraries and open-source components, ensuring the platform is always proactively seeking weaknesses and remediating them once found
- Access control and authentication: Built-in two-factor authentication (2FA), integration with SSO/Active Directory/LDAP and IP allow/deny lists help to prevent unauthorized access by threat actors.
- Audit/logging and compliance features: Meet regulatory mandates with monitoring and tracking capabilities: Full auditing, folder-monitor, retention policies, logging of transfers – designed for regulated industries that need to demonstrate compliance easily and accurately.
- Mature blocking/automation: Cerberus allows you to configure automated policies, alerts on file transfers, automated network scanning, rogue transfer detection and retention/deletion workflows that can stop potential breaches before they start.
Why you should switch to Cerberus
Switching to Cerberus FTP Server from Serv-U means your organization will benefit from:
- Less firefighting, more focus on business outcomes: Because Cerberus is built with compliance and security in mind, your team will spend less time chasing urgent patches and more time enabling business flows and working on higher-value initiatives.
- Competitive differentiator: Business partners want to minimize risk. Using Cerberus for your secure file transfer shows them that you’re taking a proactive approach to their data security that can set you apart from your competition. This approach is especially beneficial for organizations operating in compliance-heavy industries.
In the world of file transfer, “secure” deserves more than a label. It demands a vendor with a proactive security culture. It demands Cerberus FTP Server.
Start with a free 25-day trial of Cerberus FTP Server today.