Critical FileZen Vulnerability Lets Attackers Execute Arbitrary Commands
Key Takeaways
- A critical command injection vulnerability (CVE-2026-25108) has been discovered in Soliton Systems K.K.’s FileZen secure file transfer solution.
- The flaw, rated 8.8 CVSS v3.0, allows authenticated attackers to execute arbitrary operating system commands.
- Exploitation has been observed in the wild prior to patching, indicating active threats.
- Affected versions include FileZen V5.0.0 through V5.0.10 and V4.2.1 through V4.2.8.
- Users must upgrade to FileZen firmware V5.0.11 or later immediately to mitigate the risk.
Critical Flaw in Soliton FileZen Poses Severe Risk
A significant security vulnerability has been identified in FileZen, the secure file transfer product developed by Soliton Systems K.K., potentially allowing malicious actors to gain unauthorized control over affected systems. The flaw, designated CVE-2026-25108, carries a CVSS v3.0 base score of 8.8.
Command Injection Leads to Arbitrary Code Execution
The vulnerability is an OS command injection (CWE-78) flaw in FileZen. It becomes exploitable when the “Antivirus Check Option” is enabled. An attacker who has authenticated to a vulnerable FileZen instance can send specially crafted HTTP requests to inject arbitrary commands, which then execute directly on the underlying operating system, bypassing the product's security controls.
Soliton Systems K.K. has confirmed that attempts to exploit this vulnerability were detected in active campaigns before a patch was made available. This indicates that threat actors were already leveraging the flaw, underscoring the urgency for immediate remediation.
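To show the bug class (CWE-78) in a scan step like the one described above, here is an added example that is not FileZen's code and does not come from the advisory. It assumes a POSIX shell, a hypothetical stand-in scanner that only echoes its arguments, and a request-supplied file name as the injected field; the page does not say which field is actually involved.

```python
import re
import shlex
import subprocess
import sys

# Hypothetical stand-in for an antivirus CLI: it only echoes the arguments it receives.
SCANNER = [sys.executable, "-c", "import sys; print('scan', sys.argv[1:])"]

# Allow-list for names accepted from a request (constructed policy for this example).
PLAIN_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")


def scan_vulnerable(name: str) -> str:
    """Weak form: request-controlled text is concatenated into a shell command line."""
    cmd = f"{shlex.join(SCANNER)} {name}"  # name is neither quoted nor validated
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def scan_no_shell(name: str) -> str:
    """Fix 1: pass an argument vector, so no shell ever parses the name."""
    argv = SCANNER + ["--", name]  # "--" stops a leading "-" being read as an option
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def scan_hardened(name: str) -> str:
    """Fix 2 (defence in depth): reject names outside the allow-list, then use argv."""
    if not PLAIN_NAME.fullmatch(name):
        raise ValueError(f"rejected file name: {name!r}")
    return scan_no_shell(name)


if __name__ == "__main__":
    crafted = "report.pdf; echo INJECTED"  # constructed input with a harmless marker
    print(scan_vulnerable(crafted))  # scanner output, then a second command's output
    print(scan_no_shell(crafted))    # the whole string arrives as one literal argument
    try:
        scan_hardened(crafted)
    except ValueError as exc:
        print(exc)                   # the allow-list refuses the name outright
```

In the weak form the marker appears on a line of its own because the shell ran a second command; in the argv form the same text is just part of one argument to the scanner.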
FileZen’s Role and Affected Versions
FileZen serves as a crucial secure file transfer and sharing platform, widely deployed across enterprises for secure data exchange, both internally and with external partners. It is important to note that the FileZen S variant is not impacted by this particular vulnerability.
The table below details the affected FileZen versions:
| CVE ID | CVSS | Description | Affected Versions |
|---|---|---|---|
| CVE-2026-25108 | 8.8 (High) | OS command injection enabling arbitrary execution. | V5.0.0–V5.0.10, V4.2.1–V4.2.8 |
Once an authenticated attacker sends a malicious HTTP request, they can run commands at the OS level with elevated privileges. Successful exploitation could lead to a complete compromise of the appliance, allowing attackers to manipulate files, extract sensitive data, or establish persistent access for further network infiltration. Given that FileZen systems are often exposed to enterprise networks, the potential impact extends to significant risks concerning data confidentiality and system integrity, as detailed in the advisory published by Japan’s JPCERT/CC (JVN#84622767).
What You Should Do
- Immediate Update: All FileZen users running affected versions (V5.0.0–V5.0.10 and V4.2.1–V4.2.8) must upgrade their firmware to FileZen version V5.0.11 or later without delay. This update contains the necessary security fixes to neutralize the OS command injection vulnerability.
- Review Logs: Administrators should review system logs for any signs of unusual activity or unauthorized command execution, particularly if the “Antivirus Check Option” was enabled.
- Implement Least Privilege: Ensure that all user accounts, especially those with access to FileZen, operate under the principle of least privilege to minimize the potential impact of compromised credentials.
- Network Segmentation: Where possible, isolate FileZen instances within a segmented network zone to limit lateral movement in the event of a breach.