CVE-2026-25108
Published: 13 February 2026
Summary
CVE-2026-25108 is a high-severity OS Command Injection (CWE-78) vulnerability in Soliton Filezen. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 7.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, reporting, and patching of the specific OS command injection flaw in FileZen, directly remediating CVE-2026-25108.
Enforces validation of HTTP request inputs to block specially crafted requests that enable OS command injection when the Antivirus Check Option is enabled.
Limits exposure by disabling or restricting the unnecessary Antivirus Check Option in FileZen, reducing the attack surface for command injection.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables exploitation of a public-facing web application (T1190) via crafted HTTP request leading to arbitrary OS command execution (T1059).
NVD Description
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
Deeper analysisAI
CVE-2026-25108 is an OS command injection vulnerability (CWE-78) affecting FileZen software, published on 2026-02-13. The issue arises when the FileZen Antivirus Check Option is enabled, allowing a logged-in user to send a specially crafted HTTP request that executes an arbitrary OS command. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.
A logged-in user with low privileges can exploit this vulnerability remotely over the network without requiring user interaction. Successful exploitation enables execution of arbitrary operating system commands on the affected FileZen server, potentially leading to full system compromise, data theft, modification, or disruption.
Advisories from JVN (https://jvn.jp/en/jp/JVN84622767/) and Soliton (https://www.soliton.co.jp/support/2026/006657.html) provide details on patches and mitigation steps. The vulnerability is listed in CISA's Known Exploited Vulnerabilities Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-25108), confirming real-world exploitation.
Security practitioners should prioritize patching FileZen instances with the Antivirus Check Option enabled and review access controls for logged-in users.
Details
- CWE(s)
- KEV Date Added
- 24 February 2026