Threat actors are actively exploiting a critical path-traversal vulnerability, CVE-2024-28995, in SolarWinds Serv-U. By leveraging publicly available proof-of-concept (PoC) exploits, attackers can successfully exploit this vulnerability, allowing unauthenticated access to read sensitive files on the target server.