
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added the recently disclosed FileZen vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
This vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow authenticated users to execute arbitrary commands via a specially crafted HTTP request.
CISA stated that “Soliton Systems, Inc.’s FileZen contains an OS command injection vulnerability that could occur if a user logs into the affected product and sends a specially crafted HTTP request.”
According to Japan Vulnerability Notes (JVN), this vulnerability affects the following versions of file transfer products:
Version 4.2.1 – 4.2.8
Version 5.0.0 – 5.0.10
Soliton noted in its advisory that exploitation of this issue is only possible if the FileZen Antivirus Check Option is enabled, adding that it has “received at least one report of damage caused by exploitation of this vulnerability.”
The Japanese technology company also revealed that attackers would need to sign in to the web interface with regular user privileges to carry out the attack. To mitigate this threat, users are advised to update to version 5.0.11 or later.
“If you have been attacked or suspect you have been a victim of this vulnerability, in addition to updating to V5.0.11 or later, please also consider changing passwords for all users as a precaution, as an attacker can log on with at least one real account,” it added.
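As an added illustration that is not part of the original article or of Soliton's own tooling, the following Python snippet triages a constructed inventory of FileZen appliances against the affected version ranges and the Antivirus Check Option precondition described above; the inventory records and function names are assumptions.

```python
import re
from typing import Dict, List, Tuple

# Affected ranges as listed by JVN/Soliton above (inclusive bounds).
AFFECTED_RANGES = (
    ((4, 2, 1), (4, 2, 8)),
    ((5, 0, 0), (5, 0, 10)),
)
FIXED_VERSION = (5, 0, 11)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn a version string such as 'V5.0.10' or '4.2.8' into a comparable tuple."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised FileZen version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_affected_version(version: str) -> bool:
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def assess(version: str, antivirus_check_enabled: bool) -> Dict[str, object]:
    """Classify one appliance. Per the advisory, exploitation needs an affected build
    AND the Antivirus Check Option enabled; an affected build with the option off is
    still a patch candidate but is not currently exposed."""
    affected = is_affected_version(version)
    exposed = affected and antivirus_check_enabled
    if exposed:
        action = "update to 5.0.11 or later; change passwords for all users"
    elif affected:
        action = "update to 5.0.11 or later (option disabled, not currently exposed)"
    else:
        action = "no action for CVE-2026-25108"
    return {"version": version, "affected_version": affected,
            "exposed": exposed, "action": action}


def triage_inventory(inventory: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Run assess() over an inventory of {'host', 'version', 'av_check'} records (constructed)."""
    return [dict(host=rec["host"], **assess(str(rec["version"]), bool(rec["av_check"])))
            for rec in inventory]


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    {"host": "fz-tokyo-01", "version": "V5.0.10", "av_check": True},
    {"host": "fz-osaka-02", "version": "4.2.8", "av_check": False},
    {"host": "fz-nagoya-03", "version": "5.0.11", "av_check": True},
]

if __name__ == "__main__":
    for row in triage_inventory(SAMPLE_INVENTORY):
        print(row)
```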
Federal Civilian Executive Branch (FCEB) agencies are encouraged to apply the necessary fixes by March 17, 2026, to protect their networks.
