Cyber Posture

CVE-2026-25108

High · CISA KEV · Active Exploitation

Published: 13 February 2026

Modified
24 February 2026
KEV Added
24 February 2026
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0837 (92.3rd percentile)
Risk Priority: 43 (60% EPSS · 20% KEV · 20% CVSS)

Description

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Requires timely identification, reporting, and patching of the specific OS command injection flaw in FileZen, directly remediating CVE-2026-25108.

prevent

Enforces validation of HTTP request inputs to block specially crafted requests that enable OS command injection when the Antivirus Check Option is enabled.

prevent

Limits exposure by disabling or restricting the unnecessary Antivirus Check Option in FileZen, reducing the attack surface for command injection.

Security Summary · AI

CVE-2026-25108 is an OS command injection vulnerability (CWE-78) affecting FileZen software, published on 2026-02-13. The issue arises when the FileZen Antivirus Check Option is enabled, allowing a logged-in user to send a specially crafted HTTP request that executes an arbitrary OS command. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.

A logged-in user with low privileges can exploit this vulnerability remotely over the network without requiring user interaction. Successful exploitation enables execution of arbitrary operating system commands on the affected FileZen server, potentially leading to full system compromise, data theft, modification, or disruption.

Advisories from JVN (https://jvn.jp/en/jp/JVN84622767/) and Soliton (https://www.soliton.co.jp/support/2026/006657.html) provide details on patches and mitigation steps. The vulnerability is listed in CISA's Known Exploited Vulnerabilities Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-25108), confirming real-world exploitation.

Security practitioners should prioritize patching FileZen instances with the Antivirus Check Option enabled and review access controls for logged-in users.

Details

CWE(s)
KEV Date Added
24 February 2026

Affected Products

soliton filezen: 4.2.1 — 5.0.11

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

The CVE enables exploitation of a public-facing web application (T1190) via a crafted HTTP request, leading to arbitrary OS command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References