"Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs-in to the affected product and sends a specially crafted HTTP request. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), could allow an authenticated user to execute arbitrary commands via specially crafted HTTP requests."
"If you have been attacked or suspect that you have been victimized by this vulnerability, please consider not only updating to V5.0.11 or later, but also changing all user passwords as a precaution, as an attacker can log on with at least one real account."
"Soliton noted in its advisory that successful exploitation of the issue is only possible when FileZen Antivirus Check Option is enabled, adding it has received at least one report of damage caused by the exploitation of this vulnerability."
CISA identified CVE-2026-25108, a critical OS command injection vulnerability in Soliton Systems FileZen affecting versions 4.2.1-4.2.8 and 5.0.0-5.0.10. The vulnerability has a CVSS v4 score of 8.7 and allows authenticated users to execute arbitrary commands through specially crafted HTTP requests. Exploitation requires the FileZen Antivirus Check Option to be enabled and general user privileges. Soliton confirmed at least one reported exploitation case. Users must update to version 5.0.11 or later and change all passwords as precaution. Federal agencies have until March 17, 2026, to apply fixes.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]