Citing evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a recently discovered FileZen vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on Tuesday.
The operating system (OS) command injection vulnerability, identified as CVE-2026-25108 (CVSS v4 score: 8.7), may enable an authorized user to carry out arbitrary commands through carefully constructed HTTP requests. According to CISA, "Soliton Systems K.K. FileZen contains an OS command injection vulnerability when a user logs-in to the affected product and sends a specially crafted HTTP request."
Per the Japan Vulnerability Notes (JVN), the following versions of the file transfer product are impacted by the vulnerability: versions 4.2.1 to 4.2.8 and versions 5.0.0 to 5.0.10.
The vulnerability can only be successfully exploited if the FileZen Antivirus Check Option is enabled, according to Soliton's advisory, which also stated that it has "received at least one report of damage caused by the exploitation of this vulnerability." The Japanese technology company also disclosed that in order to launch an attack, a bad actor needs to log in to the web interface with general user privileges. To lessen the threat, users are urged to update to version 5.0.11 or later.
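A triage sketch for the version ranges and precondition above, added here as an example and not taken from Soliton, JVN or CISA. The inventory rows, hostnames and status labels are constructed, and it assumes you already know each appliance's version and Antivirus Check Option setting from your own asset data.

```python
import re

# Ranges and fixed release exactly as stated in the article (JVN / Soliton).
AFFECTED = [((4, 2, 1), (4, 2, 8)), ((5, 0, 0), (5, 0, 10))]
FIXED = (5, 0, 11)

def parse_version(text):
    """Parse '5.0.10' or 'V5.0.10' into a tuple of ints; reject anything else."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # Integer tuples compare numerically, so 5.0.9 < 5.0.10 (a plain string
    # comparison would order them the other way round).
    return tuple(int(p) for p in m.groups())

def triage(version, av_check_enabled):
    """Classify one appliance. av_check_enabled is True, False, or None (unknown)."""
    v = parse_version(version)
    if v >= FIXED:
        return "fixed"
    if not any(lo <= v <= hi for lo, hi in AFFECTED):
        # Older than 5.0.11 but outside the listed ranges: the article says
        # nothing about these, so flag for a check against the vendor advisory.
        return "not-listed"
    if av_check_enabled is False:
        # Precondition absent today, but the build is still a vulnerable one.
        return "affected-precondition-off"
    # Enabled, or unknown: treat unknown as enabled so it is not under-ranked.
    return "affected-exploitable"

# Constructed inventory for illustration: (hostname, version, AV option state).
INVENTORY = [
    ("fz-edge-01", "V5.0.10", True),
    ("fz-edge-02", "5.0.9", None),
    ("fz-lab-01", "4.2.8", False),
    ("fz-dmz-01", "5.0.11", True),
    ("fz-old-01", "4.1.0", True),
]

def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(ver, av) for host, ver, av in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```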
"As an attacker can log on with at least one real account, please consider updating to V5.0.11 or later and changing all user passwords as a precaution if you have been attacked or suspect that you have been a victim of this vulnerability," it continued. It is recommended that Federal Civilian Executive Branch (FCEB) agencies secure their networks by implementing the required fixes by March 17, 2026.












