CISA has officially added a critical OS command injection vulnerability in Soliton Systems FileZen to its list of actively exploited flaws. To mitigate the risk of arbitrary command execution, users are urged to update to version 5.0.11 and reset all account passwords immediately.
The U.S. Cybersecurity and Infrastructure Security Agency has expanded its Known Exploited Vulnerabilities catalog to include a significant security flaw found in Soliton Systems FileZen. This vulnerability, identified as CVE-2026-25108, carries a high severity rating due to its potential for operating system command injection. Federal authorities confirmed that the addition to the catalog was prompted by clear evidence that attackers are currently using this exploit in the wild.
The technical nature of the flaw allows an authenticated user to execute arbitrary commands on the system by sending specially crafted HTTP requests. While the vulnerability requires an attacker to have general user privileges to access the web interface, the impact of a successful breach can be substantial. Japan Vulnerability Notes reports that the issue affects several iterations of the file transfer product, specifically versions 4.2.1 through 4.2.8 and 5.0.0 through 5.0.10.
According to Soliton Systems, the risk is specifically tied to instances where the FileZen Antivirus Check Option is active. The company has already acknowledged at least one instance of actual damage resulting from this exploit. Because the attack requires a valid login, the company warned that any successful breach implies an attacker may have already compromised at least one real user account to gain entry.
In response to the threat, the manufacturer has released version 5.0.11 to patch the security hole. Beyond simply updating the software, Soliton recommends that all users change their passwords as a precautionary measure. This step is considered vital because if an attacker has already gained access, they might retain control even after the software itself has been patched against the command injection method.
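
The affected ranges, the Antivirus Check Option condition and the fix version described above can be turned into an inventory triage check. The Python below is an added example, not code from Soliton, CISA or the original article; the host names, the record layout and the treatment of any release at or above 5.0.11 as fixed are assumptions made for illustration.

```python
import re

# Affected ranges (inclusive) and fix version as stated on this page.
AFFECTED = [((4, 2, 1), (4, 2, 8)), ((5, 0, 0), (5, 0, 10))]
FIXED = (5, 0, 11)

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not in N.N.N form."""
    m = re.fullmatch(r"\s*[vV]?(\d+)\.(\d+)\.(\d+)\s*", text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def triage(version, av_check_enabled):
    """Classify one FileZen instance. av_check_enabled: True, False or None (unknown)."""
    v = parse_version(version)
    if v is None:
        return "UNKNOWN: verify version manually"
    # Integer tuples compare numerically, so 5.0.10 sorts after 5.0.9
    # (a plain string comparison would get this wrong).
    in_range = any(lo <= v <= hi for lo, hi in AFFECTED)
    if in_range and av_check_enabled is not False:
        # An unknown option state is treated as enabled (fail closed).
        return "EXPOSED: update to 5.0.11 and reset all account passwords"
    if in_range:
        return "AFFECTED VERSION: update to 5.0.11 (Antivirus Check Option off)"
    if v >= FIXED:  # assumption: later releases keep the fix
        return "PATCHED: reset passwords if it previously ran an affected version"
    return "NOT LISTED: outside the ranges on this page, confirm with the vendor"

# Constructed sample inventory: (host, reported version, AV check option state).
INVENTORY = [
    ("ft-01", "5.0.10", True),
    ("ft-02", "5.0.9", False),
    ("ft-03", "5.0.11", True),
    ("ft-04", "4.2.0", True),
    ("ft-05", "V4.2.8", None),
    ("ft-06", "unknown", True),
]

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(ver, av) for host, ver, av in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

A "PATCHED" result says nothing about whether an account was compromised before the update, which is why the password reset stays in that status line.
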
Federal Civilian Executive Branch agencies have been given a deadline of March 17, 2026, to apply these updates and secure their networks. While the mandate applies specifically to federal agencies, CISA strongly encourages all organizations using FileZen to prioritize these fixes. Addressing the vulnerability quickly is the only way to prevent unauthorized actors from taking full control of affected file transfer systems.
Source: CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Security Vulnerability



