CVE-2026-25108
OS Command Injection in FileZen Virus Check Enables Remote Execution
Publication date: 2026-02-13
Last updated on: 2026-02-24
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| soliton | filezen | From 4.2.1 (inc) to 5.0.11 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25108 is an OS command injection vulnerability found in FileZen, a product by Soliton Systems K.K. This vulnerability occurs when the FileZen virus check option is enabled. A logged-in user can send a specially crafted HTTP request that allows them to execute arbitrary operating system commands on the affected system.
The affected versions include FileZen V5.0.0 to V5.0.10 and V4.2.1 to V4.2.8, while FileZen S is not affected. The vulnerability requires that the attacker has valid user login access, either through leaked credentials or by guessing user ID and password.
This vulnerability has a high severity score (CVSS v3.0 base score of 8.8) and has been exploited in the wild. It was fixed in FileZen version 5.0.11.
How can this vulnerability impact me? :
This vulnerability allows a remote attacker with valid user credentials to execute arbitrary operating system commands on the FileZen system. This can lead to unauthorized control over the system, potentially compromising confidentiality, integrity, and availability of data and services.
Exploitation can result in unauthorized access, data breaches, system disruption, or further attacks within the network. Since the attacker can run OS commands, they might install malware, steal sensitive information, or disrupt normal operations.
There is no workaround for affected versions, so users must upgrade to FileZen V5.0.11 or later to mitigate the risk. Additionally, it is recommended to reset all user passwords due to the risk of compromised accounts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The product lacks explicit detection features for exploitation of this vulnerability.
However, its system directory file monitoring may log suspicious file operations, which can be reviewed via support channels.
No specific commands for detection are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
Users must upgrade FileZen to version 5.0.11 or later, as this version fixes the vulnerability.
Consider resetting all user passwords due to the risk of compromised accounts.
Follow additional security recommendations provided in the vendorβs FAQ and contact support if needed.