CVE-2026-25108

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN84622767/	Third Party Advisory
https://www.soliton.co.jp/support/2026/006657.html	Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-25108	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:soliton:filezen:*:*:*:*:*:*:*:*

History

24 Feb 2026, 21:38

Type	Values Removed	Values Added
CPE		cpe:2.3:a:soliton:filezen::::::::
References	~~() https://jvn.jp/en/jp/JVN84622767/ -~~	() https://jvn.jp/en/jp/JVN84622767/ - Third Party Advisory
References	~~() https://www.soliton.co.jp/support/2026/006657.html -~~	() https://www.soliton.co.jp/support/2026/006657.html - Vendor Advisory
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-25108 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-25108 - US Government Resource
First Time		Soliton Soliton filezen

24 Feb 2026, 19:21

Type	Values Removed	Values Added
Summary		(es) FileZen contiene una vulnerabilidad de inyección de comandos del sistema operativo. Cuando la opción de verificación de antivirus de FileZen está habilitada, un usuario autenticado puede enviar una solicitud HTTP especialmente diseñada para ejecutar un comando arbitrario del sistema operativo.
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-25108 -

13 Feb 2026, 05:17

Type	Values Removed	Values Added
Summary	~~(en) FileZen contains an OS command injection vulnerability. When FileZen virus check option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.~~	(en) FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.

13 Feb 2026, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-13 04:15

Updated : 2026-02-24 21:38

NVD link : CVE-2026-25108

Mitre link : CVE-2026-25108

CVE.ORG link : CVE-2026-25108

JSON object : View

Products Affected

soliton

filezen

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

8.8 /10