# CISA adds CVE-2026-25108 FileZen command injection vulnerability to Known Exploited Vulnerabilities catalog _Friday, June 26, 2026 at 9:55 PM EDT · Cybersecurity · Latest · Tier 2 — Notable_ ![CISA adds CVE-2026-25108 FileZen command injection vulnerability to Known Exploited Vulnerabilities catalog — Primary](https://img.helpnetsecurity.com/wp-content/uploads/2026/02/25095600/soliton-1500.webp) CISA has added CVE-2026-25108 to its Known Exploited Vulnerabilities catalog. The entry covers an OS command injection vulnerability in Soliton Systems FileZen secure file transfer solution. The vendor has confirmed active exploitation and stated it has received multiple reports of damage from attackers abusing the flaw. The vulnerability allows remote authenticated attackers to inject commands via a specially crafted HTTP request into a specific field after logging in. It affects both physical and virtual versions of FileZen and requires that antivirus scanning be enabled. It does not affect FileZen S. The flaw impacts FileZen v5.0.0 to v5.0.10 and v4.2.1 to v4.2.8. Customers should upgrade to v5.0.11 or later. CISA has ordered US federal civilian agencies to mitigate the vulnerability by March 17, 2026. The FileZen solution enables secure authorized transfers of large files between segregated networks. It provides content sanitization, antivirus scanning, and comprehensive audit logging. Japan CERT notes that a file-monitoring feature for the system directory may record alterations in logs. Public disclosures from the Japanese CERT Coordination Center and a ransomware incident reported by Japan Washington Hotel occurred around the same time. This timing led to speculation that the vulnerability may have been used to deploy ransomware against organizations. However the KEV listing itself does not indicate that the vulnerability is currently linked to ransomware activity. ## Sources - [Help Net Security](https://www.helpnetsecurity.com/2026/02/25/cve-2026-25108-filezen-vulnerability-exploited/) --- Canonical: https://techandbusiness.org/newswire/X0O85GNlLhBSz1ObTqb22O Retrieved: 2026-06-27T05:53:47.618Z Publisher: Tech & Business (techandbusiness.org)