Vulnerability Management, Patch/Configuration Management

CISA adds Soliton FileZen vulnerability to Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Soliton Systems K.K. FileZen to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, identified as CVE-2026-25108, carries a CVSS v4 score of 8.7, indicating a high severity level, with further coverage provided by Security Affairs.

The vulnerability is an operating system command injection flaw (CWE-78) that allows an authenticated user to execute arbitrary commands via specially crafted HTTP requests. Exploitation requires the FileZen virus check feature to be enabled and the attacker to possess valid login credentials. The flaw affects FileZen Versions 5.0.0 to 5.0.10 and Versions 4.2.1 to 4.2.8.

Soliton Systems K.K. has confirmed active exploitation and reported at least one instance of damage, emphasizing the need for password changes in addition to updating the software to V5.0.11 or later. CISA has mandated that federal agencies address this vulnerability by March 17, 2026, aligning with Binding Operational Directive 22-01. 

Source: Security Affairs

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds