The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Soliton Systems K.K. FileZen to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, identified as CVE-2026-25108, carries a CVSS v4 score of 8.7, indicating a high severity level, with further coverage provided by Security Affairs.The vulnerability is an operating system command injection flaw (CWE-78) that allows an authenticated user to execute arbitrary commands via specially crafted HTTP requests. Exploitation requires the FileZen virus check feature to be enabled and the attacker to possess valid login credentials. The flaw affects FileZen Versions 5.0.0 to 5.0.10 and Versions 4.2.1 to 4.2.8.Soliton Systems K.K. has confirmed active exploitation and reported at least one instance of damage, emphasizing the need for password changes in addition to updating the software to V5.0.11 or later. CISA has mandated that federal agencies address this vulnerability by March 17, 2026, aligning with Binding Operational Directive 22-01. Source: Security Affairs
Vulnerability Management, Patch/Configuration Management
CISA adds Soliton FileZen vulnerability to Known Exploited Vulnerabilities catalog

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds


