Ethical Hacking News
A critical vulnerability has been discovered in Soliton Systems K.K's FileZen, a secure file transfer solution. The U.S. CISA has added the flaw to its Known Exploited Vulnerabilities catalog, emphasizing the need for organizations to address it promptly. Update your FileZen installations and take proactive measures to secure your sensitive data against potential exploitation.
The vulnerability in Soliton Systems K.K's FileZen allows an authenticated user to execute arbitrary commands via specially crafted HTTP requests. The vulnerability has a CVSS v4 score of 8.7, indicating its potential severity. The impact of the vulnerability is the ability to allow a remote attacker to execute arbitrary OS commands within FileZen. Patches are available for versions 5.0.11 or later, and the U.S. CISA has added the vulnerability to its KEV catalog. Federal agencies must fix the vulnerability by March 17, 2026, as per BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. Experts recommend updating to the latest version, enabling antivirus scanning, and implementing robust access controls to minimize the risk of exploitation.
The cybersecurity landscape is constantly evolving, with new vulnerabilities and threats emerging on a daily basis. In recent times, organizations have been advised to be vigilant about the potential risks associated with various software solutions. The latest addition to this list is a vulnerability in Soliton Systems K.K's FileZen, a secure file transfer solution designed to provide access controls, activity logging, and antivirus scanning.
According to a recent announcement from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), a flaw has been identified in FileZen that could allow an authenticated user to execute arbitrary commands via specially crafted HTTP requests. This vulnerability, tracked as CVE-2026-25108, carries a CVSS v4 score of 8.7, indicating its potential severity.
The Soliton Systems K.K FileZen vulnerability is an operating system (OS) command injection that could be exploited if two specific conditions are met: the FileZen virus check feature (BitDefender-based) is enabled, and an attacker has valid login access to the FileZen website, either through leaked credentials or successfully guessed user IDs and passwords.
The impact of this vulnerability lies in its ability to allow a remote attacker to execute arbitrary OS commands within FileZen. This could potentially lead to unauthorized access to sensitive data, disruption of file transfer operations, and even compromise of the entire network infrastructure.
To mitigate this risk, Soliton Systems K.K has released patches for versions 5.0.11 or later, which address the flaw. The U.S. CISA has also added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing the importance of addressing it promptly.
Federal agencies are required to fix this vulnerability by March 17, 2026, as per the Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. Private organizations are also advised to review the KEV catalog and address any identified vulnerabilities in their infrastructure.
Experts recommend that organizations take proactive measures to secure their FileZen installations, including updating to the latest version, enabling antivirus scanning, and implementing robust access controls. By taking these steps, organizations can minimize the risk of exploitation and ensure the integrity of their sensitive data.
In conclusion, the vulnerability in Soliton Systems K.K's FileZen highlights the importance of staying vigilant in today's cybersecurity landscape. Organizations must be proactive in identifying and addressing potential threats to protect themselves against malicious attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Looming-Threat-of-FileZen-A-Vulnerability-in-Soliton-Systems-KKs-Secure-File-Transfer-Solution-ehn.shtml
https://securityaffairs.com/188473/hacking/u-s-cisa-adds-a-flaw-in-soliton-systems-k-k-filezen-to-its-known-exploited-vulnerabilities-catalog.html
https://cyberpress.org/cisa-warns-filezen-vulnerability/
https://nvd.nist.gov/vuln/detail/CVE-2026-25108
https://www.cvedetails.com/cve/CVE-2026-25108/
Published: Wed Feb 25 06:14:15 2026 by llama3.2 3B Q4_K_M
