CVE-2026-25108
CISA KEVPublished February 24, 2026 · Updated April 3, 2026
What This Means
**CVE-2026-25108: FileZen OS Command Injection** An unauthenticated attacker can execute arbitrary OS commands on FileZen servers by sending a specially crafted HTTP request during the login process, bypassing authentication controls entirely. This grants attackers shell-level access to the underlying operating system, enabling data exfiltration, lateral movement, and system compromise. **Immediate actions:** Identify and isolate all FileZen instances; check firewall logs and IDS/IPS alerts for exploitation attempts; apply patches from Soliton Systems K.K immediately; review command execution logs for evidence of compromise; reset credentials for service accounts running FileZen.
Official Description+
Soliton Systems K.K FileZen contains an OS command injection vulnerability when an user logs-in to the affected product and sends a specially crafted HTTP request.
Affected Products
| Vendor | Product |
|---|---|
| Soliton Systems K.K | FileZen |
Patch Status
Recommended Actions
- Check if your systems use any of the affected products listed above.
- Apply vendor patches immediately if available.
- This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
- Monitor vendor advisories for updates and additional mitigations.
- Review logs for indicators of compromise related to CVE-2026-25108.