FileZen Flaw Allows Attackers to Execute Commands Remotely


A high-severity vulnerability in FileZen, a file transfer solution developed by Soliton Systems K.K., enables authenticated attackers to remotely execute arbitrary operating system commands on affected systems.

The security flaw, tracked as CVE-2026-25108, poses a severe risk to organizations using vulnerable versions of the software, particularly those with the Antivirus Check Option enabled.

The vulnerability stems from an OS command injection weakness that allows attackers to inject malicious commands through specially crafted HTTP requests.

According to the Japan Vulnerability Notes advisory published on February 13, 2026, the developer has confirmed that active exploitation attempts targeting this vulnerability have already been observed in the wild, making immediate patching crucial for affected organizations.

FileZen versions V5.0.0 through V5.0.10 and V4.2.1 through V4.2.8 are susceptible to this security issue.

The developer has clarified that FileZen S remains unaffected by the vulnerability. For exploitation to succeed, an attacker must first authenticate to the FileZen system with valid credentials and then send a specially crafted HTTP request while the Antivirus Check Option is active.

| CVE ID | CVSS v3.0 Score | CVSS v4.0 Score | Description |
|---|---|---|---|
| CVE-2026-25108 | 8.8 (High) | 8.7 (Critical) | OS command injection vulnerability in FileZen allowing authenticated attackers to execute arbitrary commands via crafted HTTP requests when Antivirus Check Option is enabled |

Successful exploitation grants attackers the ability to execute arbitrary operating system commands with the privileges of the FileZen application, potentially leading to complete system compromise.

The vulnerability carries severe ratings under both CVSS v3.0 and v4.0 scoring systems, reflecting the high risk it poses to confidentiality, integrity, and availability of affected systems.

Organizations running vulnerable FileZen versions must immediately update to version V5.0.11, which addresses the command injection flaw.

The patch was released following coordinated disclosure between Soliton Systems K.K. and JPCERT/CC under Japan’s Information Security Early Warning Partnership framework.

Security teams should prioritize updating affected FileZen installations, particularly in environments where the Antivirus Check Option is enabled.
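
To apply the version ranges and the Antivirus Check Option precondition above to an asset inventory, the following added example (not code from Soliton Systems or JPCERT/CC) classifies each record. The inventory layout, hostnames and status labels are assumptions made for illustration, as is treating releases later than V5.0.11 as fixed.

```python
import re

# Affected ranges (inclusive) and fixed release, as stated in the article.
AFFECTED = [((5, 0, 0), (5, 0, 10)), ((4, 2, 1), (4, 2, 8))]
FIXED = (5, 0, 11)
VERSION_RE = re.compile(r"^[Vv]?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not of the form Vx.y.z."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def triage(product, version, av_check_enabled):
    """Classify one inventory record for CVE-2026-25108 (labels are hypothetical)."""
    if product.strip().lower() == "filezen s":
        return "not_affected"        # the developer states FileZen S is unaffected
    v = parse_version(version)
    if v is None:
        return "unknown_version"     # never guess; send for manual review
    # Tuples compare numerically, so V5.0.10 sorts after V5.0.9 (strings would not).
    if any(lo <= v <= hi for lo, hi in AFFECTED):
        # The Antivirus Check Option is the stated precondition for exploitation.
        return "affected_patch_now" if av_check_enabled else "affected_patch"
    if v >= FIXED:
        return "fixed"               # assumption: releases after V5.0.11 keep the fix
    return "not_listed"              # outside the published ranges; check the advisory


# Constructed inventory: (host, product, version, Antivirus Check Option enabled).
INVENTORY = [
    ("ft-01", "FileZen", "V5.0.10", True),
    ("ft-02", "FileZen", "5.0.9", False),
    ("ft-03", "FileZen", "V4.2.0", True),
    ("ft-04", "FileZen", "V5.0.11", True),
    ("ft-05", "FileZen S", "V5.0.3", True),
    ("ft-06", "FileZen", "5.0", True),
]


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(p, v, av) for host, p, v, av in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Records that come back as `not_listed` or `unknown_version` fall outside what the advisory states and need a manual check against the vendor's guidance rather than being treated as safe.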

Given the confirmed exploitation activity, organizations should also review system logs for suspicious authentication patterns or unusual HTTP requests that might indicate attempted or successful attacks.

JPCERT/CC has issued alert JPCERT-AT-2026-0004 with additional guidance for Japanese organizations regarding this vulnerability.
