cbcvebase.
CVE-2026-25108
published 2026-02-13

CVE-2026-25108: FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP…

PriorityP188high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2026-03-17
Exploited in the wild
EPSS
4.97%
91.1th percentile
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.

Affected

3 ranges
VendorProductVersion rangeFixed in
solitonfilezen>= 4.2.1 < 5.0.115.0.11
soliton_systems_k.kfilezen
soliton_systems_k.kfilezen

Detection & IOCsextracted from sources · hover to see the quote

  • Detect exploitation attempts by monitoring for specially crafted HTTP requests sent by authenticated (logged-in) users to FileZen appliances, particularly when the Antivirus Check Option is enabled, as this is the attack vector for OS command injection.
  • Alert on any authenticated HTTP requests to FileZen that trigger unexpected child processes or shell execution, consistent with OS command injection via a crafted HTTP request.
  • ·The OS command injection vulnerability is only exploitable when the FileZen Antivirus Check Option is enabled. Deployments without this option enabled may not be directly vulnerable via this specific attack path.
  • ·Exploitation requires the attacker to be authenticated (logged in) to the FileZen appliance, meaning pre-authentication exploitation is not indicated by current reporting. Detections should account for the authenticated session context.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck8.7HIGH
cisa8.7HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.