CVE-2026-25108
Published 2026-02-13
Priority P188 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
CISA Known Exploited Vulnerability, due 2026-03-17
Exploited in the wild
EPSS: 4.97% (91.1th percentile)
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| soliton | filezen | >= 4.2.1 < 5.0.11 | 5.0.11 |
| soliton_systems_k.k | filezen | — | — |
| soliton_systems_k.k | filezen | — | — |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring for specially crafted HTTP requests sent by authenticated (logged-in) users to FileZen appliances, particularly when the Antivirus Check Option is enabled, as this is the attack vector for OS command injection.
- Alert on any authenticated HTTP requests to FileZen that trigger unexpected child processes or shell execution, consistent with OS command injection via a crafted HTTP request.
- The OS command injection vulnerability is only exploitable when the FileZen Antivirus Check Option is enabled. Deployments without this option enabled may not be directly vulnerable via this specific attack path.
- Exploitation requires the attacker to be authenticated (logged in) to the FileZen appliance, meaning pre-authentication exploitation is not indicated by current reporting. Detections should account for the authenticated session context.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | — | 8.7 | HIGH | — |
| cisa | — | 8.7 | HIGH | — |
GHSA
GHSA-qgqm-fpvv-jgfh: FileZen contains an OS command injection vulnerability
ghsa_unreviewed·2026-02-13
CVE-2026-25108 [HIGH] CWE-78 GHSA-qgqm-fpvv-jgfh: FileZen contains an OS command injection vulnerability
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
VulnCheck
Soliton Systems K.K FileZen OS Command Injection Vulnerability
vulncheck·2026·CVSS 8.7
CVE-2026-25108 [HIGH] CWE-78 Soliton Systems K.K FileZen OS Command Injection Vulnerability
Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs in to the affected product and sends a specially crafted HTTP request.
Affected: Soliton Systems K.K FileZen
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://jvn.jp/en/jp/JVN84622767/; https://www.soliton.co.jp/support/2026/006657.html; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.recordedfuture.com/blog/february-2026-cve-landscape
Remediation Due: 2026-03-17
CISA
Soliton Systems K.K FileZen OS Command Injection Vulnerability
cisa·2026-02-24·CVSS 8.7
CVE-2026-25108 [HIGH] CWE-78 Soliton Systems K.K FileZen OS Command Injection Vulnerability
Vulnerability: Soliton Systems K.K FileZen OS Command Injection Vulnerability
Affected: Soliton Systems K.K FileZen
Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs in to the affected product and sends a specially crafted HTTP request.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://jvn.jp/en/jp/JVN84622767/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-25108
Remediation Due Date: 2026-03-17
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Washington Hotel in Japan discloses ransomware infection incident
blogs_bleepingcomputer·2026-02-16·CVSS 8.7
[HIGH] Washington Hotel in Japan discloses ransomware infection incident
By Bill Toulas
According to the company’s disclosure, hackers breached its network on Friday, February 13, 2026, at 22:00 (local time). The IT staff immediately disconnected servers from the internet to prevent the attack from spreading on the network.
The organization states that it started consulting with the police and external cybersecurity experts.
Although an investigation is ongoing, Washington Hotel can confirm that the attacker gained access to various business data stored on the affected servers.
Customer data is unlikely to be exposed because the company stores this information on servers managed by a separate company, for which no unauthorized access has been confirmed.
The incident is impacting operati
Recorded Future
February 2026 CVE Landscape: 13 Critical Vulnerabilities Mark 43% Drop from January
blogs_recorded_future·CVSS 7.7
[HIGH] February 2026 CVE Landscape: 13 Critical Vulnerabilities Mark 43% Drop from January
February 2026 saw a 43% decrease in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 13 vulnerabilities requiring immediate remediation, down from 23 in January 2026. All 13 carried a ‘Very Critical’ Recorded Future Risk Score.
What security teams need to know:
- Microsoft dominates: Six of 13 vulnerabilities affected Microsoft products, accounting for 46% of February's findings; all were added to CISA's KEV catalog on the same day
- Supply-chain attack on Notepad++: Lotus Blossom, a suspected China state-sponsored threat actor, exploited CVE-2025-15556 to hijack Notepad++'s update channel and deliver a Cobalt Strike Beacon and the Chrysalis backdoor
- APT28 exploits MSHTML
- 2026-02-13: Published
- 2026-02-24: Added to CISA KEV
- Exploited in the wild