CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical vulnerability in Soliton Systems’ FileZen to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. This vulnerability, identified as CVE-2026-25108 with a CVSS v4 score of 8.7, is an operating system (OS) command injection flaw that allows authenticated users to execute arbitrary commands through specially crafted HTTP requests.
Understanding CVE-2026-25108
CVE-2026-25108 is a significant security flaw within FileZen, a file transfer product developed by Soliton Systems. The vulnerability exists in versions 4.2.1 to 4.2.8 and 5.0.0 to 5.0.10. Exploitation is possible when the FileZen Antivirus Check Option is enabled, and the attacker has authenticated access to the web interface with general user privileges. By sending specially crafted HTTP requests, an attacker can execute arbitrary commands on the system, potentially leading to unauthorized access, data exfiltration, or further compromise of the network.
CISA’s Advisory and Recommendations
CISA’s inclusion of CVE-2026-25108 in its KEV catalog underscores the severity of the vulnerability and the necessity for immediate action. The agency advises organizations, particularly Federal Civilian Executive Branch (FCEB) agencies, to apply the necessary patches by March 17, 2026, to secure their networks against potential threats.
Soliton Systems’ Response
In response to the identified vulnerability, Soliton Systems has released an advisory detailing the affected versions and the conditions under which exploitation is possible. The company has acknowledged receiving at least one report of damage caused by the exploitation of this vulnerability. To mitigate the risk, Soliton Systems recommends updating to version 5.0.11 or later. Additionally, they advise users who suspect their systems have been compromised to change all user passwords as a precautionary measure, as attackers may have gained access to legitimate accounts.
Broader Implications and Preventative Measures
The active exploitation of CVE-2026-25108 highlights the ongoing challenges organizations face in maintaining secure systems. It serves as a reminder of the importance of regular software updates, vigilant monitoring for unusual activities, and the implementation of robust security protocols. Organizations are encouraged to review their systems for signs of compromise, apply the recommended patches promptly, and educate users about the risks associated with such vulnerabilities.
Conclusion
The confirmation of active exploitation of the FileZen CVE-2026-25108 vulnerability by CISA emphasizes the critical need for organizations to address this security flaw without delay. By updating to the latest software versions and adhering to the recommended security practices, organizations can protect their systems and data from potential threats.
