CVE-2026-25108

Summary

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.

Affected Software

VendorProductVersion RangeStatus
Soliton Systems K.K.FileZenV5.0.0 to V5.0.10affected
Soliton Systems K.K.FileZenV4.2.1 to V4.2.8affected

Weaknesses

  • CWE-78: Improper neutralization of special elements used in an OS command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References