In a security alert, CISA added a vulnerability in Soliton Systems K.K. FileZen to its Known Exploited Vulnerabilities catalog on Tuesday, citing evidence of active exploitation. The flaw is tracked as CVE-2026-25108 with a CVSS v4 score of 8.7.
KEY FACTS
- Incident OS command injection in FileZen allows authenticated users to run arbitrary OS commands
- CVE CVE-2026-25108, CVSS v4 8.7
- Affected FileZen versions 4.2.1 to 4.2.8 and 5.0.0 to 5.0.10
- Mitigation Update to version 5.0.11 or later
- Deadline Federal Civilian Executive Branch must apply fixes by March 17, 2026
The vulnerability can be triggered when an authenticated user sends a specially crafted HTTP request after logging in. Successful exploitation permits execution of arbitrary operating system commands on affected installations.
Affected releases include FileZen versions 4.2.1 through 4.2.8 and 5.0.0 through 5.0.10. The issue is identified as CVE-2026-25108 and carries a CVSS v4 score of 8.7.
Soliton Systems K.K. advisory: successful exploitation is only possible when the FileZen Antivirus Check Option is enabled. At least one damage incident is recorded. Exploitation requires signing in with a general user account.
Update to version 5.0.11 or later is recommended. If systems are believed to be compromised, change all user passwords as a precaution and follow standard incident response steps.
WHY IT MATTERS
An authenticated command injection with documented active exploitation and a high severity score increases the risk of full system compromise on affected FileZen deployments. Organizations using the product should apply the update promptly and meet the FCEB remediation deadline to reduce exposure.