Overview
- CVE-2026-25108 is a high-severity OS command injection in Soliton Systems' FileZen that allows command execution via crafted HTTP requests after login (CVSS v4 8.7).
- Exploitation is possible only when the antivirus check feature is enabled and an attacker has valid web-interface credentials for a general user account.
- Soliton confirmed at least one damage report from real-world attacks and urges customers to update and reset all user passwords as a precaution.
- The flaw affects FileZen versions 4.2.1–4.2.8 and 5.0.0–5.0.10; both physical and virtual appliances are impacted, while FileZen S is not.
- CISA added the vulnerability to its Known Exploited Vulnerabilities catalog and ordered FCEB agencies to remediate by March 17, 2026.