Critical FileZen OS Command Injection Flaw (CVE-2026-25108) Under Active Exploitation

CISA Flags Active Exploitation of Critical FileZen Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed active exploitation of CVE-2026-25108, a severe operating system (OS) command injection vulnerability in FileZen, a secure file transfer appliance. The flaw was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on Tuesday, signaling an imminent threat to organizations using the affected product.

Technical Details

• CVE ID: CVE-2026-25108
• CVSS v4 Score: 8.7 (High)
• Vulnerability Type: OS Command Injection
• Attack Vector: Authenticated user exploitation
• Impact: Allows threat actors to execute arbitrary commands on the underlying OS with elevated privileges

The vulnerability stems from improper input validation in FileZen’s web interface, enabling authenticated attackers to inject malicious OS commands. While details of the exploitation method remain undisclosed, the flaw’s inclusion in the KEV catalog suggests attackers are actively leveraging it in the wild.

Impact Analysis

FileZen, developed by Soliton Systems, is widely deployed in enterprise environments for secure file transfers, including sensitive data handling. Successful exploitation of CVE-2026-25108 could lead to:

• Unauthorized system access: Attackers gaining control of the FileZen appliance
• Lateral movement: Pivoting to other critical network segments
• Data exfiltration: Theft of sensitive files stored or transmitted via FileZen
• Ransomware deployment: Encryption of files or disruption of file transfer operations

Given the appliance’s role in handling confidential data, organizations in sectors like finance, healthcare, and government are at heightened risk.

Recommendations

CISA has mandated federal civilian agencies to remediate CVE-2026-25108 by March 4, 2026, per Binding Operational Directive (BOD) 22-01. All organizations—public and private—are urged to:

1. Apply patches immediately: Update FileZen to the latest version provided by Soliton Systems.
2. Isolate vulnerable appliances: Restrict network access to FileZen instances until patched.
3. Monitor for suspicious activity: Review logs for unauthorized command execution or unusual file transfers.
4. Implement compensating controls: Deploy network segmentation and intrusion detection systems (IDS) to mitigate risk.
5. Verify backups: Ensure secure, offline backups of critical data to recover from potential ransomware attacks.

For further guidance, refer to CISA’s KEV catalog entry and Soliton Systems’ security advisory (if available).

Update: This article will be revised with additional technical details as they emerge.