Summary
Key Points:
- CVE-2026-25108, a command injection vulnerability in Soliton Systems K.K FileZen, has been added to CISA's Known Exploited Vulnerabilities catalog.
- The flaw allows authenticated users to execute arbitrary OS commands via crafted HTTP requests, impacting versions 5.0.0 to 5.0.10 and 4.2.1 to 4.2.8, with a CVSS score of 8.7 indicating high severity.
- Organizations must update to version 5.0.11 or later and consider changing user passwords due to potential exploitation through valid accounts.
Technical Details: The vulnerability is classified as an OS command injection (CWE-78) and requires the FileZen virus check feature to be enabled for exploitation.
MITRE ATT&CK Techniques:
- T1203 - User Execution (Execution)
- T1078 - Valid Accounts (Defense Evasion)
IOCs Mentioned: None mentioned
Join the discussion — sign up to comment, upvote, and save articles.