The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed FileZen vulnerability to its Known Exploited Vulnerabilities (KEV) catalog after confirming evidence of active exploitation.
The flaw, identified as CVE‑2026‑25108 and rated 8.7 under CVSS v4, is an OS command injection vulnerability that allows an authenticated user to run arbitrary commands by sending specially crafted HTTP requests.
According to CISA, the issue occurs when “Soliton Systems K.K. FileZen contains an OS command injection vulnerability during user login, triggered by a specially crafted HTTP request.”
Japan Vulnerability Notes (JVN) states that the following FileZen versions are affected:
- 4.2.1 through 4.2.8
- 5.0.0 through 5.0.10
Soliton noted that exploitation is only possible when the FileZen Antivirus Check Option is enabled and acknowledged receiving at least one report of damage resulting from real‑world exploitation. The company added that attackers must first authenticate to the web interface using a general user account.
Users are urged to update to version 5.0.11 or later. Soliton also recommends changing all user passwords if exploitation is suspected, noting that an attacker could authenticate with at least one compromised account.
CISA has directed Federal Civilian Executive Branch (FCEB) agencies to apply the required patches by March 17, 2026 to protect their environments.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
