The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild.
The vulnerability affects FileZen, a file-sharing and data transfer product developed by Japanese vendor Soliton Systems K.K.
The flaw, tracked as CVE-2026-25108, is classified as an OS Command Injection vulnerability.
This type of weakness allows attackers to inject and execute arbitrary operating system commands on a target system, potentially leading to full system compromise.
OS command injection vulnerabilities are considered high-severity threats and are frequently abused by malicious cyber actors as initial access vectors into enterprise networks.

| CVE ID | CVSS Score | Description |
|---|---|---|
| CVE-2026-25108 | N/A | Soliton Systems K.K. FileZen OS Command Injection Vulnerability |

Under Binding Operational Directive (BOD) 22-01, all Federal Civilian Executive Branch (FCEB) agencies must remediate vulnerabilities listed in CISA’s KEV Catalog within a designated timeframe.
The directive was established to reduce the significant risk posed by known exploited vulnerabilities across federal networks.
Agencies that fail to patch within the required window remain exposed to active threat actors targeting these exact weaknesses.
While BOD 22-01 is binding only for federal agencies, CISA strongly urges all private and public sector organizations to treat KEV Catalog entries as high-priority remediation targets.
Timely patching of actively exploited vulnerabilities remains one of the most effective defenses against cyberattacks.
Organizations using FileZen should immediately review CISA’s KEV Catalog for remediation deadlines and apply available patches or mitigations from Soliton Systems K.K.
Security teams should also audit systems for signs of compromise, particularly any unauthorized command execution activity.
Incorporating KEV Catalog entries into routine vulnerability management workflows is strongly recommended.
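
One way to wire KEV entries into a vulnerability management workflow, shown as an added example that is not code from CISA or Soliton: it matches a KEV-style feed against an asset inventory and ranks open findings by remediation deadline. The inventory, hostnames, second feed entry and all dates are constructed placeholders, and matching on product name alone is a simplifying assumption.

```python
import json
from datetime import date

# Constructed sample using field names from CISA's KEV JSON feed.
# dateAdded/dueDate are placeholders, NOT the real dates for this entry.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2026-25108", "vendorProject": "Soliton Systems K.K.",
   "product": "FileZen", "dateAdded": "2026-01-01", "dueDate": "2026-01-22"},
  {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor",
   "product": "ExampleProduct", "dateAdded": "2026-01-01", "dueDate": "2026-01-22"}
]}
""")

# Constructed inventory; "remediated" lists CVEs already patched on that host.
INVENTORY = [
    {"host": "xfer01.example.internal", "product": "FileZen", "remediated": []},
    {"host": "xfer02.example.internal", "product": "filezen",
     "remediated": ["CVE-2026-25108"]},
    {"host": "web01.example.internal", "product": "nginx", "remediated": []},
]

def kev_findings(feed, inventory, today):
    """Return unremediated KEV matches, most urgent (or overdue) first."""
    by_product = {}
    for vuln in feed["vulnerabilities"]:
        # Case-insensitive product match (assumption; real tooling may use CPE).
        by_product.setdefault(vuln["product"].casefold(), []).append(vuln)
    findings = []
    for asset in inventory:
        for vuln in by_product.get(asset["product"].casefold(), []):
            if vuln["cveID"] in asset["remediated"]:
                continue  # already patched on this host
            due = date.fromisoformat(vuln["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": vuln["cveID"],
                "due": due,
                "days_left": (due - today).days,
                "status": "OVERDUE" if today > due else "OPEN",
            })
    return sorted(findings, key=lambda f: f["days_left"])

if __name__ == "__main__":
    for f in kev_findings(KEV_FEED, INVENTORY, date.today()):
        print(f"{f['status']:8} {f['host']:26} {f['cve']} due {f['due']} "
              f"({f['days_left']} days)")
```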