CISA Confirms Active Exploitation of FileZen Vulnerability



U.S. authorities have confirmed that threat actors are actively exploiting a critical vulnerability in FileZen by Soliton Systems K.K.

Due to the high risk associated with this flaw, CISA has officially added it to the Known Exploited Vulnerabilities (KEV) Catalog.

This catalog serves as a critical resource for tracking security weaknesses currently being exploited in real-world attacks.

The inclusion of this flaw highlights an ongoing trend where cybercriminals specifically target enterprise file-sharing and transfer solutions.

Organizations utilizing the affected software are urged to assess their systems immediately and apply the necessary security updates to prevent potential unauthorized access or system compromise.

| CVE ID | CVSS Score | Vulnerability Type | Description | Affected Component | Affected Versions | Impact |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-25108 | 9.8 (Critical) | OS Command Injection | Allows remote execution of OS commands on FileZen, risking full system compromise and data theft. | FileZen Core Server | All unpatched versions | Full system compromise, unauthorized access, potential data exfiltration |

Active Exploitation Confirmed

The newly added vulnerability is categorized as an OS Command Injection flaw. This type of security weakness occurs when an application improperly validates user-supplied data before passing it to a system shell.


As a result, attackers can execute arbitrary operating system commands on the targeted device.

Threat actors highly prize command injection vulnerabilities because they often provide a direct pathway to complete system takeover, allowing attackers to manipulate files, install malware, or pivot further into the internal network.

CISA notes that this specific type of vulnerability represents a frequent and highly effective attack vector.

Because these flaws allow deep system access without requiring complex exploitation techniques, they pose a significant threat to both federal enterprises and private-sector organizations.

The active exploitation of this flaw indicates that threat actors have already developed functional exploits and are actively scanning the internet for vulnerable systems.

Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are legally required to remediate vulnerabilities listed in the KEV Catalog within a specified timeframe.

This directive is designed to drastically reduce the significant risk posed by known exploited vulnerabilities across government networks.

Agencies must patch the FileZen vulnerability by the CISA-mandated deadline to maintain compliance and secure their infrastructure against these active threats.

While the mandatory patching requirements of BOD 22-01 apply strictly to federal agencies, CISA strongly advises private companies and other organizations to adopt the same rigorous standards.

Incorporating the KEV Catalog into routine vulnerability management practices is a highly effective strategy for minimizing exposure to ongoing cyberattacks.

CISA continues to evaluate new intelligence and will update the catalog as additional vulnerabilities meet the criteria for active exploitation.
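One way to fold the KEV Catalog into routine vulnerability management, as described above, is to match scanner findings against the catalog and rank the hits by remediation due date. The following is an added example, not code from CISA or from the original article. It assumes the field names of CISA's public KEV JSON feed (`cveID`, `product`, `dueDate`); the hostnames, the second CVE ID and all dates are constructed placeholders, not real catalog values.

```python
import json
from datetime import date

# Constructed excerpt shaped like the KEV JSON feed. The FileZen CVE ID comes
# from the article; every date below is a placeholder, not the catalog's value.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2026-25108", "vendorProject": "Soliton Systems K.K.",
   "product": "FileZen", "dateAdded": "2026-01-01", "dueDate": "2026-01-22"},
  {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor",
   "product": "ExampleProduct", "dateAdded": "2026-01-01", "dueDate": "2026-03-01"}
]}
""")

# Constructed scanner output: (host, CVE ID) pairs.
FINDINGS = [
    ("app03.example.internal", "cve-0000-00001 "),    # messy casing/whitespace
    ("web02.example.internal", "CVE-0000-00002"),     # not listed in KEV
    ("filezen01.example.internal", "CVE-2026-25108"),
]

def kev_index(feed):
    """Map normalised CVE ID -> KEV entry."""
    return {v["cveID"].upper(): v for v in feed.get("vulnerabilities", [])}

def prioritise(findings, feed, today):
    """Return KEV-listed findings, earliest due date first."""
    index = kev_index(feed)
    hits = []
    for host, cve in findings:
        entry = index.get(cve.strip().upper())
        if entry is None:
            continue  # not known-exploited: stays in the normal patch cycle
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "host": host,
            "cve": entry["cveID"],
            "product": entry["product"],
            "due": due,
            "days_left": (due - today).days,  # negative once overdue
            "overdue": due < today,
        })
    return sorted(hits, key=lambda h: h["due"])

if __name__ == "__main__":
    for h in prioritise(FINDINGS, KEV_FEED, date(2026, 1, 25)):
        status = "OVERDUE" if h["overdue"] else f"{h['days_left']}d left"
        print(f"{h['due']}  {status:>9}  {h['cve']}  {h['host']}  ({h['product']})")
```

In practice the feed would be loaded from a locally cached copy of the catalog and the findings from the scanner's export, with overdue items routed to the emergency patching process.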
