thehackernews.com 2/25/2026, 6:20:51 AM

CISA warns FileZen file server CVE-2026-25108 is being exploited

CyberSIXT Evidence Panel
CISA KEV: Listed in KEV
Patch: Patch Available

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added FileZen CVE-2026-25108 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability is an OS command injection that could allow an authenticated user to execute arbitrary commands via specially crafted HTTP requests, and it carries a CVSS v4 score of 8.7. The Japan Vulnerability Notes (JVN) lists affected Soliton FileZen versions as 4.2.1 to 4.2.8 and 5.0.0 to 5.0.10.

Soliton noted that successful exploitation is only possible when the FileZen Antivirus Check Option is enabled, and a bad actor must sign in to the web interface with general user privileges to perform an attack. Users are advised to update to version 5.0.11 or later and to change all user passwords as a precaution. Federal Civilian Executive Branch agencies are urged to apply fixes by 17 March 2026 to secure their networks.
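For defenders triaging an inventory against the conditions above, the following is an added example, not code from the article, Soliton or CISA. The host names, the inventory layout and the status labels are constructed assumptions; the version ranges, the Antivirus Check Option condition and the due date are the ones stated in the article.

```python
from datetime import date

# Affected ranges as listed by JVN in the article (inclusive bounds).
AFFECTED = [((4, 2, 1), (4, 2, 8)), ((5, 0, 0), (5, 0, 10))]
KEV_DUE = date(2026, 3, 17)  # FCEB remediation date from the article


def parse_version(text):
    """Parse 'x.y.z' into a tuple of ints; return None if malformed."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(version_text, av_check_enabled):
    """Classify one FileZen host against the advisory's conditions."""
    ver = parse_version(version_text)
    if ver is None:
        return "unknown-version"          # verify manually, do not assume safe
    if not any(lo <= ver <= hi for lo, hi in AFFECTED):
        return "not-listed"               # outside the ranges JVN lists
    if av_check_enabled is None:
        return "affected-option-unknown"  # option state still to be confirmed
    # Soliton: exploitation requires the Antivirus Check Option to be enabled.
    return "affected-exposed" if av_check_enabled else "affected-option-off"


def days_to_kev_deadline(today):
    """Days remaining until the KEV due date (negative when overdue)."""
    return (KEV_DUE - today).days


# Constructed inventory: (hostname, reported version, AV check option state).
INVENTORY = [
    ("fz-01", "5.0.10", True),
    ("fz-02", "4.2.8", False),
    ("fz-03", "5.0.11", True),
    ("fz-04", "5.0", True),      # truncated version string from a scanner
    ("fz-05", "4.2.3", None),    # option state not collected
]

if __name__ == "__main__":
    for host, ver, av in INVENTORY:
        print(f"{host:6} {ver:8} {triage(ver, av)}")
    print("days to KEV due date:", days_to_kev_deadline(date(2026, 2, 25)))
```

Hosts reported as `affected-option-off` still run an affected version and remain in scope for the update to 5.0.11 or later.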


Article by CyberSIXT