CISA has added a critical FileZen OS command injection vulnerability to its KEV catalog after confirming active exploitation, affecting versions 4.2.1-4.2.8 and 5.0.0-5.0.10.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. The vulnerability, tracked as CVE-2026-25108 with a CVSS v4 score of 8.7, is an OS command injection flaw that could allow authenticated users to execute arbitrary commands through specially crafted HTTP requests.
According to CISA, "Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs-in to the affected product and sends a specially crafted HTTP request." The vulnerability specifically affects FileZen versions 4.2.1 through 4.2.8 and 5.0.0 through 5.0.10.
Soliton Systems, the Japanese technology company behind FileZen, has confirmed that successful exploitation is only possible when the FileZen Antivirus Check Option is enabled. The company has received at least one report of damage caused by exploitation of this vulnerability. Crucially, attackers must sign in to the web interface with general user privileges to execute an attack.
To address this critical security issue, Soliton has released version 5.0.11, which includes the necessary security patches. Users are strongly advised to update to this version or later. Additionally, Soliton recommends changing all user passwords as a precautionary measure, noting that "an attacker can log on with at least one real account."
Federal Civilian Executive Branch (FCEB) agencies face a specific deadline, with CISA requiring them to apply the necessary fixes by March 17, 2026, to secure their networks. This mandate underscores the severity of the threat and the urgency of remediation.
The addition of CVE-2026-25108 to CISA's KEV catalog serves as a clear indicator that this vulnerability poses a significant threat to organizations using FileZen. The KEV catalog is specifically designed to highlight vulnerabilities that are known to be actively exploited in the wild, making it a critical resource for organizations prioritizing their patch management efforts.
For organizations using FileZen, immediate action is required. The vulnerability's CVSS v4 score of 8.7 places it in the "high" severity category, and the confirmed active exploitation means that delaying patches could result in compromise. Organizations should not only update to the latest version but also review their authentication logs and consider implementing additional monitoring for suspicious activity.
This incident highlights the ongoing challenges in securing file transfer systems, which often serve as critical infrastructure for organizations. Command injection vulnerabilities like CVE-2026-25108 can provide attackers with significant control over affected systems, potentially leading to data theft, system compromise, or lateral movement within networks.
Organizations should also review their broader security posture, ensuring that antivirus features are properly configured and that user authentication is properly managed. The fact that this vulnerability requires user authentication to exploit doesn't diminish its severity—rather, it emphasizes the importance of protecting user credentials and monitoring for unauthorized access attempts.
Comments
Please log in or register to join the discussion