Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

The Hacker News by The Hacker News
February 25, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Ravie LakshmananFeb 25, 2026Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute arbitrary commands via specially crafted HTTP requests.

“Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs-in to the affected product and sends a specially crafted HTTP request,” CISA said.

According to the Japan Vulnerability Notes (JVN), the vulnerability affects the following versions of the file transfer product –

  • Versions 4.2.1 to 4.2.8
  • Versions 5.0.0 to 5.0.10

Soliton noted in its advisory that successful exploitation of the issue is only possible when FileZen Antivirus Check Option is enabled, adding it has “received at least one report of damage caused by the exploitation of this vulnerability.”

The Japanese technology company also revealed that a bad actor must sign in to the web interface with general user privileges to be able to pull off an attack. Users are advised to update to version 5.0.11 or later to mitigate the threat.

“If you have been attacked or suspect that you have been victimized by this vulnerability, please consider not only updating to V5.0.11 or later, but also changing all user passwords as a precaution, as an attacker can log on with at least one real account,” it added.

Federal Civilian Executive Branch (FCEB) agencies are advised to apply the necessary fixes by March 17, 2026, to secure their networks.



Source link

The Hacker News

The Hacker News

Next Post
TECNO Unveils the World’s Thinnest Modular Smartphone Ecosystem Concept

TECNO Unveils the World's Thinnest Modular Smartphone Ecosystem Concept

Recommended.

How Data Centers Actually Work

How Data Centers Actually Work

October 24, 2025
Subtle Introduces Voicebuds – Reinventing Earbuds for Personal Voice Computing

Subtle Introduces Voicebuds – Reinventing Earbuds for Personal Voice Computing

January 5, 2026

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio