The United States Cybersecurity and Infrastructure Security Agency has officially added a newly revealed security flaw in FileZen to its Known Exploited Vulnerabilities (KEV) catalog after confirming that threat actors are actively abusing the issue in real world attacks.
The vulnerability, identified as CVE-2026-25108, carries a CVSS v4 severity rating of 8.7 and involves an operating system command injection weakness that could allow authenticated users to execute arbitrary commands through specially crafted HTTP requests.
Nature of the Security Flaw
According to CISA, the flaw exists when a legitimate user logs in to an affected FileZen instance and sends a maliciously structured HTTP request. Under these conditions, the system may improperly process the input, resulting in OS level command execution.
The issue impacts the following versions of FileZen:
- Versions 4.2.1 through 4.2.8
- Versions 5.0.0 through 5.0.10
Details published by Japan Vulnerability Notes confirm that the weakness affects multiple supported releases of the file transfer platform.
Exploitation Conditions and Risk Factors
Developer Soliton Systems K.K. clarified that successful exploitation is possible only when the FileZen Antivirus Check Option is enabled.
The company acknowledged receiving at least one confirmed report of damage linked to real world exploitation. However, attackers must first authenticate to the web interface using valid user level credentials before attempting to leverage the vulnerability.
This requirement suggests that compromised credentials or insider access could significantly increase risk exposure.
Mitigation and Security Recommendations
Soliton Systems has released a patch addressing the flaw. Users are strongly advised to upgrade to FileZen version 5.0.11 or later without delay.
In addition to updating, the company recommends:
- Resetting all user passwords as a precautionary measure
- Reviewing account access logs for suspicious activity
- Ensuring that exposed web interfaces are properly secured
Because exploitation requires at least one legitimate account, credential hygiene is considered a critical defense step.
Federal Deadline for Remediation
CISA has instructed Federal Civilian Executive Branch, FCEB, agencies to apply the necessary updates by March 17, 2026. Inclusion in the KEV catalog means the vulnerability poses a significant risk to government networks and must be prioritized.
Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.
