CISA Adds FileZen CVE-2026-25108 to Exploited Vulnerabilities List

By alex2404

CISA has added a newly disclosed vulnerability in FileZen, a file transfer product developed by Japanese firm Soliton Systems K.K., to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the wild.

The flaw, tracked as CVE-2026-25108 with a CVSS v4 score of 8.7, is an operating system command injection vulnerability. An authenticated user with general privileges can exploit it by sending a specially crafted HTTP request after logging into the web interface.

How the Attack Works

CISA’s advisory is direct: “Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs-in to the affected product and sends a specially crafted HTTP request.” The agency provided no further technical breakdown beyond that description.

Soliton confirmed one important precondition. Exploitation is only possible when the FileZen Antivirus Check Option is enabled on the affected system. Without that feature active, the attack vector does not apply.

The company also acknowledged real-world impact, stating it has “received at least one report of damage caused by the exploitation of this vulnerability.” The attacker, Soliton noted, must hold at least one legitimate account to gain initial access to the web interface.

Affected Versions and Patch Guidance

According to Japan Vulnerability Notes, the flaw affects multiple versions of the FileZen product. Soliton has issued a patch, and users are advised to upgrade to version 5.0.11 or later immediately.

The company went further for organizations that may already be compromised. Its advisory recommends changing all user passwords as a precaution, reasoning that an attacker who successfully exploited the flaw could have logged in using at least one real account. Updating alone may not be sufficient if credentials were already accessed.

  • Vulnerability: OS command injection via crafted HTTP request
  • CVSS v4 score: 8.7
  • Precondition: FileZen Antivirus Check Option must be enabled
  • Required access: Authenticated general user privileges
  • Fix: Update to version 5.0.11 or later
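The conditions in the list above (a vulnerable version, the Antivirus Check Option as precondition, 5.0.11 as the fix threshold, and the March 17 KEV due date) can be turned into an inventory triage check. The script below is an added example written for this summary, not code from Soliton or CISA; the host records are constructed, the `FileZenHost` class and `triage` function are this example's own names, and the advice to leave the Antivirus Check Option off until a host is updated is an inference from the advisory's statement that the attack vector does not apply when the option is disabled.

```python
"""Exposure triage for CVE-2026-25108 across a FileZen inventory (added example)."""
from dataclasses import dataclass
from datetime import date

FIXED_VERSION = (5, 0, 11)          # first fixed release per the advisory
KEV_DUE_DATE = date(2026, 3, 17)    # FCEB remediation deadline from the KEV listing


def parse_version(text: str) -> tuple:
    """Turn '5.0.10' into (5, 0, 10); tolerate a 'v' prefix and a '-build' suffix."""
    core = text.strip().lstrip("vV").split("-")[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(version: str) -> bool:
    """True for 5.0.11 and later. Tuples are padded so '5.1' compares as (5, 1, 0)."""
    v = parse_version(version)
    n = max(len(v), len(FIXED_VERSION))
    return v + (0,) * (n - len(v)) >= FIXED_VERSION + (0,) * (n - len(FIXED_VERSION))


@dataclass
class FileZenHost:          # hypothetical inventory record
    name: str
    version: str
    av_check_enabled: bool


def triage(host: FileZenHost, today: date) -> dict:
    """Classify one host as patched / vulnerable / exposed and say what to do next."""
    if is_patched(host.version):
        return {"host": host.name, "status": "patched",
                "action": "none required; reset passwords if the host was exposed before the update"}
    if host.av_check_enabled:
        # Vulnerable code path is reachable: every authenticated user can trigger it.
        status = "exposed"
        action = "update to 5.0.11 or later now, then change all user passwords"
    else:
        # Attack vector does not apply while the option is off (inference from the advisory).
        status = "vulnerable"
        action = "update to 5.0.11 or later; keep the Antivirus Check Option off until updated"
    if today > KEV_DUE_DATE:
        action += " (past the KEV due date)"
    return {"host": host.name, "status": status, "action": action}


# Constructed inventory for demonstration.
INVENTORY = [
    FileZenHost("fz-dmz-01", "5.0.10", True),
    FileZenHost("fz-internal-02", "5.0.10", False),
    FileZenHost("fz-lab-03", "5.0.11", True),
    FileZenHost("fz-old-04", "4.9.20", True),
]

if __name__ == "__main__":
    for host in INVENTORY:
        result = triage(host, date.today())
        print(f"{result['host']:<16} {result['status']:<11} {result['action']}")
```

Feed the function whatever your asset inventory exports; the only two fields that matter for this CVE are the running version and whether the antivirus option is switched on.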

Federal Deadline Set for March 17

Federal Civilian Executive Branch agencies operate under a binding directive requiring them to remediate all vulnerabilities listed in CISA’s KEV catalog within defined timeframes. For CVE-2026-25108, the deadline is March 17, 2026.

The KEV catalog listing signals that CISA has verified exploitation activity, not just theoretical risk. Agencies running FileZen with the antivirus option enabled should treat this as an active threat rather than a pending one.

For private sector organizations using FileZen, CISA’s advisory effectively functions as a warning to patch without delay and audit user accounts for any signs of unauthorized access.
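Because the advisory's reasoning is that an attacker needs at least one working account, the account audit it recommends comes down to reviewing successful web-interface logins for signs that a credential was used by someone other than its owner. The script below is an added example for that audit; it is not Soliton's tooling, and the log line layout, the thresholds, and the `audit_logins` function are this example's own assumptions (FileZen's actual log format is not described in the advisory, so adapt the regular expression to what your appliance emits). It builds a per-account baseline of source addresses from the period before the review window, then flags logins inside the window from a source never seen for that account, successes that follow a burst of failures from the same source, and one source address logging into several accounts.

```python
"""Audit web-interface logins after CVE-2026-25108 exposure (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed log format for this example; NOT FileZen's real log layout.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN_OK|LOGIN_FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)
FAILURES_BEFORE_SUCCESS = 3   # failures from one source immediately before it succeeds
SHARED_SOURCE_ACCOUNTS = 2    # one source succeeding into this many distinct accounts

# Constructed sample: alice, bob and carol have stable addresses before the window;
# then 203.0.113.9 fails three times on bob, gets in, and later logs in as carol.
SAMPLE_LOG = """
2026-02-10T09:02:11Z LOGIN_OK user=alice src=198.51.100.20
2026-02-11T09:05:40Z LOGIN_OK user=bob src=198.51.100.21
2026-02-12T10:15:02Z LOGIN_OK user=carol src=198.51.100.22
2026-02-27T23:41:09Z LOGIN_FAIL user=bob src=203.0.113.9
2026-02-27T23:41:15Z LOGIN_FAIL user=bob src=203.0.113.9
2026-02-27T23:41:22Z LOGIN_FAIL user=bob src=203.0.113.9
2026-02-27T23:41:30Z LOGIN_OK user=bob src=203.0.113.9
2026-02-28T08:00:01Z LOGIN_OK user=alice src=198.51.100.20
2026-02-28T11:12:44Z LOGIN_OK user=carol src=203.0.113.9
""".strip().splitlines()
REVIEW_FROM = datetime(2026, 2, 20, tzinfo=timezone.utc)  # start of the review window


def parse_line(line: str):
    """Parse one log line into a dict with an aware datetime, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    return ev


def audit_logins(lines, review_from: datetime) -> list:
    """Return a list of findings {user, src, reason} for successful logins in the window."""
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    baseline = defaultdict(set)         # user -> source IPs seen succeeding before the window
    recent_fails = defaultdict(int)     # (user, src) -> consecutive failures
    accounts_by_src = defaultdict(set)  # src -> accounts it got into during the window
    findings = []
    for e in events:
        key = (e["user"], e["src"])
        if e["ts"] < review_from:
            if e["event"] == "LOGIN_OK":
                baseline[e["user"]].add(e["src"])
            continue
        if e["event"] == "LOGIN_FAIL":
            recent_fails[key] += 1
            continue
        # Successful login inside the review window.
        if e["src"] not in baseline[e["user"]]:
            findings.append({"user": e["user"], "src": e["src"],
                             "reason": "login from a source never seen for this account"})
        if recent_fails[key] >= FAILURES_BEFORE_SUCCESS:
            findings.append({"user": e["user"], "src": e["src"],
                             "reason": f"success after {recent_fails[key]} failed attempts from this source"})
        recent_fails[key] = 0
        accounts_by_src[e["src"]].add(e["user"])
    for src, users in accounts_by_src.items():
        if len(users) >= SHARED_SOURCE_ACCOUNTS:
            for user in sorted(users):
                findings.append({"user": user, "src": src,
                                 "reason": f"source logged into {len(users)} different accounts"})
    return findings


def accounts_to_reset(findings) -> list:
    """Accounts named in any finding; the advisory's fallback is to reset every password anyway."""
    return sorted({f["user"] for f in findings})


if __name__ == "__main__":
    results = audit_logins(SAMPLE_LOG, REVIEW_FROM)
    for f in results:
        print(f"{f['user']:<8} {f['src']:<16} {f['reason']}")
    print("reset first:", ", ".join(accounts_to_reset(results)))
```

The findings only prioritise which accounts to look at first; since the advisory's own recommendation is to change all user passwords when exploitation is suspected, a clean audit result is not a reason to skip that step.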


This article is a curated summary based on third-party sources.