CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
Source: The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Vulnerability Details
- CVE: CVE‑2026‑25108
- CVSS v4 Score: 8.7
- Type: OS command injection
- Impact: An authenticated user can execute arbitrary commands via specially crafted HTTP requests.
“Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs‑in to the affected product and sends a specially crafted HTTP request,” CISA stated.
Affected Versions
According to the Japan Vulnerability Notes (JVN), the vulnerability affects the following FileZen versions:
- 4.2.1 – 4.2.8
- 5.0.0 – 5.0.10
Exploitation Conditions
- Successful exploitation requires the FileZen Antivirus Check Option to be enabled.
- The attacker must sign in to the web interface with general user privileges.
- Soliton reported at least one incident of damage caused by this vulnerability.
Mitigation
- Update to FileZen version 5.0.11 or later.
- Change all user passwords as a precaution, since an attacker can log on with a compromised account.
“If you have been attacked or suspect that you have been victimized by this vulnerability, please consider not only updating to V5.0.11 or later, but also changing all user passwords as a precaution, as an attacker can log on with at least one real account,” the vendor advised.
Recommendations for Federal Agencies
Federal Civilian Executive Branch (FCEB) agencies should apply the necessary fixes by March 17, 2026 to secure their networks.