Command Injection Vulnerability in Soliton FileZen (CVE-2026-25108) Actively Exploited
Cybersecurity researchers and Japan’s JPCERT/CC have issued a high-priority warning regarding a critical security flaw in Soliton FileZen, a popular enterprise file-sharing and transfer appliance.
The vulnerability, tracked as CVE-2026-25108, is confirmed to be under active exploitation in the wild.
The Threat: Remote Command Execution
The flaw is classified as an OS Command Injection (CWE-78) vulnerability.
It resides within FileZen’s Antivirus Check Option.
If this feature is enabled, an authenticated attacker can bypass security restrictions by sending a specially crafted HTTP request to the appliance.
Impact: Successful exploitation allows an attacker to execute arbitrary system commands with the privileges of the web server.
Severity: Rated 8.8 (High) on the CVSS v3 scale and 8.7 on CVSS v4.
Real-World Status: Soliton Systems K.K. has confirmed that they have observed actual attacks targeting this vulnerability.
Affected Versions
The vulnerability impacts the following firmware versions of the FileZen appliance:
- V5.0.0 through V5.0.10
- V4.2.1 through V4.2.8
Note: The developer has stated that the separate product line, FileZen S, is not affected by this specific bug.
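A quick way to sweep an appliance inventory against the ranges above is to parse each firmware version into integers and compare those, since comparing the strings directly puts "V5.0.10" before "V5.0.9". The script below is an added example, not Soliton's tooling; the inventory, hostnames and version format are assumptions, while the ranges and the fixed V5.0.11 are the advisory's. No numbered V4.2 fix is given in the advisory, so V4.2 builds outside the listed range are reported as "not-listed" rather than guessed at.

```python
"""Added example (not Soliton's tooling): classify FileZen firmware version
strings against the affected ranges in this advisory.

Assumptions, for illustration only: the inventory below is constructed, and
versions are written as "V<major>.<minor>.<patch>" as in the advisory.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$", re.IGNORECASE)

# Inclusive ranges from the advisory's "Affected Versions" section.
AFFECTED_RANGES = [
    ((5, 0, 0), (5, 0, 10)),  # V5.0.0 through V5.0.10
    ((4, 2, 1), (4, 2, 8)),   # V4.2.1 through V4.2.8
]
FIXED_V5: Version = (5, 0, 11)  # first fixed V5 release named in the advisory


def parse_version(text: str) -> Optional[Version]:
    """Turn "V5.0.10" into (5, 0, 10); None if the string is not a version.

    Comparing tuples of ints avoids the classic mistake of comparing the
    strings, where "V5.0.10" sorts before "V5.0.9".
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def classify(product: str, version_text: str) -> str:
    """Return one of: affected, fixed, not-affected, not-listed, unknown."""
    if product.strip().lower() == "filezen s":
        return "not-affected"  # the advisory states FileZen S is not affected
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    for low, high in AFFECTED_RANGES:
        if low <= version <= high:
            return "affected"
    if version >= FIXED_V5:
        return "fixed"
    # e.g. V4.2.9 or V4.1.x: not in the advisory's ranges, and no V4.2 fix
    # version is named, so refer to the vendor rather than assume safety.
    return "not-listed"


# Constructed inventory; hostnames and versions are made up.
INVENTORY = [
    {"host": "fz-relay-01", "product": "FileZen", "version": "V5.0.3"},
    {"host": "fz-relay-02", "product": "FileZen", "version": "V5.0.11"},
    {"host": "fz-legacy-01", "product": "FileZen", "version": "V4.2.8"},
    {"host": "fz-legacy-02", "product": "FileZen", "version": "V4.2.0"},
    {"host": "fz-s-01", "product": "FileZen S", "version": "V1.4.2"},
    {"host": "fz-broken", "product": "FileZen", "version": "n/a"},
]


def triage(inventory) -> dict:
    """Map each host to its classification."""
    return {item["host"]: classify(item["product"], item["version"])
            for item in inventory}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:14} {status}")
```

Hosts reported as "not-listed" or "unknown" should be confirmed against the vendor advisory rather than treated as safe.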
Immediate Action Required
Because the flaw is already being exploited in the wild, security administrators are urged to apply the following fixes immediately:
- Update Firmware: Soliton has released FileZen V5.0.11 and updated patches for the V4.2 series. Access the update via the Soliton Support Portal.
- Mitigation: If an immediate patch is impossible, consider temporarily disabling the Antivirus Check Option, though this may expose the system to uploaded malware.
- Monitor Logs: Check web-server access logs for unusual HTTP requests to the Antivirus Check feature, and check for unexpected system-level command executions spawned by the web server on the FileZen appliance.
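The two log signals in the last step can be checked mechanically. The script below is an added example, not Soliton's tooling or log format: it assumes combined-style access-log lines, that the Antivirus Check request path begins with "/antivirus-check", that the web server runs as "www-data", that process executions are audited as "EXEC user=<user> cmd=<argv>", and that the only binary the feature legitimately spawns is /usr/bin/clamscan. Every sample line is constructed. It flags decoded request parameters carrying shell metacharacters, and any child process of the web-server account outside the expected scanner.

```python
"""Added example (not Soliton's tooling): scan constructed FileZen appliance
logs for crafted HTTP requests to the Antivirus Check Option and for
unexpected commands spawned by the web server.

Assumptions, for illustration only: the log formats, the feature path,
the web-server account and the expected scanner binary below.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import unquote_plus

# Shell metacharacters that never belong in a decoded filename/option value:
# command separators, pipes, command substitution and embedded newlines.
SHELL_META = re.compile(r"[;&|`\n\r]|\$\(")

AV_PATH_PREFIX = "/antivirus-check"               # assumed feature path
WEB_USER = "www-data"                              # assumed web-server account
EXPECTED_CHILD_BINARIES = {"/usr/bin/clamscan"}    # assumed legitimate scanner

ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
EXEC_RE = re.compile(r"^EXEC user=(?P<user>\S+) cmd=(?P<cmd>.+)$")


@dataclass
class Finding:
    kind: str    # "http" or "exec"
    reason: str
    line: str


def suspicious_values(query: str) -> List[str]:
    """Decode each query parameter value; return those with shell metacharacters.

    Decoding first matters: "%3b" or "%7c" in the raw request are just as
    dangerous once the server unescapes them.
    """
    hits = []
    for part in query.split("&"):
        if not part:
            continue
        value = unquote_plus(part.partition("=")[2])
        if SHELL_META.search(value):
            hits.append(value)
    return hits


def check_access_line(line: str) -> Optional[Finding]:
    m = ACCESS_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if not path.startswith(AV_PATH_PREFIX):
        return None
    hits = suspicious_values(query)
    if hits:
        return Finding("http", f"shell metacharacters in Antivirus Check parameter: {hits!r}", line)
    return None


def check_exec_line(line: str) -> Optional[Finding]:
    m = EXEC_RE.match(line)
    if not m or m.group("user") != WEB_USER:
        return None
    binary = m.group("cmd").split()[0]
    if binary not in EXPECTED_CHILD_BINARIES:
        return Finding("exec", f"{WEB_USER} spawned unexpected binary {binary}", line)
    return None


def scan(lines) -> List[Finding]:
    """Run both detectors over every line; each line is an access or an exec record."""
    findings = []
    for line in lines:
        finding = check_access_line(line) or check_exec_line(line)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample log: a legitimate scan and its scanner process, one
# crafted request, the shell it produced, and two unrelated records.
SAMPLE_LOG = [
    '203.0.113.5 - alice [10/Feb/2026:09:12:01 +0900] "POST /antivirus-check?file=report.pdf&mode=full HTTP/1.1" 200 512',
    'EXEC user=www-data cmd=/usr/bin/clamscan /var/tmp/upload/report.pdf',
    '203.0.113.5 - alice [10/Feb/2026:09:13:44 +0900] "POST /antivirus-check?file=report.pdf%3bid HTTP/1.1" 200 77',
    'EXEC user=www-data cmd=/bin/sh -c id',
    'EXEC user=root cmd=/usr/sbin/cron',
    '198.51.100.7 - bob [10/Feb/2026:09:14:02 +0900] "GET /download?id=42 HTTP/1.1" 200 1024',
]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

The process-execution check is the more reliable of the two: a request can hide its payload in a POST body that the access log never records, but the web-server account spawning a shell it never normally runs shows up regardless of how the request was encoded. Tune the expected-binary set to what the appliance actually runs before trusting the exec findings.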
Why FileZen?
FileZen is widely used across Japan and international enterprises for secure file relay between isolated networks (Network Separation).
Because these appliances often bridge "clean" internal networks and the "untrusted" internet, a compromise here can serve as a perfect pivot point for lateral movement within a corporate infrastructure.
Stay ahead. Stay dangerous.
Team Hacklido ❤️