CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Active Exploitation of FileZen CVE-2026-25108 OS Command Injection Vulnerability

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

CISA added a recently disclosed OS command injection vulnerability in FileZen (CVE-2026-25108) to its KEV catalog, confirming active exploitation. The flaw, with a CVSS v4 score of 8.7, allows authenticated users to execute arbitrary commands via crafted HTTP requests. Affected versions include 4.2.1 to 4.2.8 and 5.0.0 to 5.0.10. Exploitation requires the FileZen Antivirus Check Option to be enabled and user login with general privileges. Soliton Systems reported at least one incident of damage. Users are advised to update to version 5.0.11 or later and change passwords if compromised. FCEB agencies must apply fixes by March 17, 2026.

Timeline

  1. 25.02.2026 07:23 1 articles · 4h ago

    CISA Adds FileZen CVE-2026-25108 to KEV Catalog Due to Active Exploitation

    CISA confirmed active exploitation of the OS command injection vulnerability CVE-2026-25108 in FileZen, adding it to the KEV catalog. The vulnerability affects specific versions of the file transfer product and requires the Antivirus Check Option to be enabled. Users are advised to update to version 5.0.11 or later and change passwords if compromised. FCEB agencies must apply fixes by March 17, 2026.

    Show sources
    Open in new tab

Information Snippets