CISA Warns of Active Exploitation of FileZen CVE-2026-25108 Vulnerability

FileZen Vulnerability Added to CISA’s KEV Catalog

A recently disclosed vulnerability in the FileZen file transfer product has been added to the Known Exploited Vulnerabilities (KEV) catalog by the US Cybersecurity and Infrastructure Security Agency (CISA), indicating active exploitation by threat actors.

Vulnerability Details

The vulnerability, identified as CVE-2026-25108, is a case of operating system command injection that can be exploited by an authenticated user to execute arbitrary commands via specially crafted HTTP requests.

According to the Japan Vulnerability Notes (JVN), the vulnerability affects FileZen versions 4.2.1 to 4.2.8 and 5.0.0 to 5.0.10.

Successful exploitation of the issue is only possible when the FileZen Antivirus Check Option is enabled. Furthermore, a bad actor must sign in to the web interface with general user privileges to carry out an attack.

Vendor Response and Mitigation

Soliton Systems K.K., the Japanese technology company behind FileZen, has confirmed that it has received at least one report of damage caused by the exploitation of this vulnerability. The company has advised users to update to version 5.0.11 or later to mitigate the threat.

Additionally, users are advised to change all user passwords as a precaution, because an attacker can log on with at least one real account.
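
To turn the affected ranges, the Antivirus Check Option precondition and the fixed release above into a patch worklist, the following added example (not code from Soliton, JVN or CISA) triages an appliance inventory. The inventory format, hostnames, status labels and the optional "V" version prefix are assumptions made for illustration.

```python
import re

# Affected ranges and fixed release as given in the article above.
AFFECTED = [((4, 2, 1), (4, 2, 8)), ((5, 0, 0), (5, 0, 10))]
FIXED = (5, 0, 11)

def parse_version(text):
    """Turn '5.0.10' (optional leading 'v'/'V') into (5, 0, 10), else None."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def triage(version_text, av_check_enabled):
    """Classify one appliance; av_check_enabled is True, False or None (unknown)."""
    v = parse_version(version_text)
    if v is None:
        return "unknown-version"
    # Tuple comparison is numeric, so 5.0.10 sorts after 5.0.9 (string
    # comparison would get this wrong and miss the top of the range).
    if any(lo <= v <= hi for lo, hi in AFFECTED):
        # The article says exploitation needs the Antivirus Check Option;
        # an unknown setting is treated as enabled.
        if av_check_enabled is False:
            return "affected-option-off"
        return "affected-exploitable"
    if v >= FIXED:
        return "fixed"
    return "not-listed"  # outside the published ranges; check the vendor advisory

def triage_inventory(rows):
    """rows: iterable of (host, version, av_check_enabled) -> sorted worklist."""
    order = ["affected-exploitable", "affected-option-off", "unknown-version",
             "not-listed", "fixed"]
    results = [(host, ver, triage(ver, av)) for host, ver, av in rows]
    return sorted(results, key=lambda r: order.index(r[2]))

# Constructed sample inventory (hostnames and settings are made up).
SAMPLE = [
    ("fz-01", "5.0.11", True),
    ("fz-02", "5.0.10", True),
    ("fz-03", "V4.2.8", None),
    ("fz-04", "5.0.9", False),
    ("fz-05", "4.2.9", True),
    ("fz-06", "5.0", True),
]

if __name__ == "__main__":
    for host, ver, status in triage_inventory(SAMPLE):
        print(f"{host:6} {ver:8} {status}")
```

Both "affected" statuses still call for the update to 5.0.11 or later; the status only sets the order in which hosts are handled.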

Government Advisory

Federal Civilian Executive Branch (FCEB) agencies have been advised to apply the necessary fixes by March 17, 2026, to secure their networks.

Severity and Impact

The vulnerability has been assigned a CVSS v4 score of 8.7, indicating a high level of severity.

Conclusion

The exploitation of this vulnerability highlights the importance of patch management and software security in preventing cyber attacks. Organizations are advised to prioritize the update of vulnerable systems to prevent potential exploitation by threat actors.


