CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems' FileZen, to its Known Exploited Vulnerabilities catalog due to confirmed active exploitation. The vulnerability has a CVSS 3.1 score of 8.8 (HIGH) and affects FileZen versions from 4.2.1 up to, but not including, 5.0.11. The fixed version is FileZen 5.0.11.
CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems’ FileZen secure file transfer solution, to its Known Exploited Vulnerabilities (KEV) catalog. The vendor has confirmed active exploitation, stating it has received multiple reports of damage caused by attackers abusing the flaw. Because public disclosures from the Japanese CERT Coordination Center (JPCERT/CC) and a ransomware incident reported by Japan’s Washington Hotel occurred around the same time, there has been speculation that CVE-2026-25108 may … More → The post CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108) appeared first on Help Net Security .