Critical FileZen Vulnerability Exploited in the Wild, Enabling OS Command Injection
A severe vulnerability in FileZen, a widely used file transfer solution from Japan’s Soliton Systems K.K., allows authenticated attackers to execute arbitrary operating system commands on vulnerable servers. Tracked as CVE-2026-25108, the flaw carries CVSS scores of 8.8 (v3.0) and 8.7 (v4.0), classifying it as a high-to-critical risk.
The vulnerability stems from an OS command injection weakness in FileZen’s Antivirus Check Option, where specially crafted HTTP requests sent by attackers with valid credentials can trigger malicious command execution under the application’s privileges. Exploitation could lead to data theft, malware deployment, or full system compromise, with attackers gaining system-level access.
Affected versions include FileZen V-5.0.0 to V-5.0.10 and V-4.2.1 to V-4.2.8, while FileZen S versions remain unaffected. Japan’s Vulnerability Notes (JVN) confirmed active exploitation attempts in a February 13, 2026 advisory, warning organizations to act swiftly. Though no public exploit code exists, the low barrier to attack, which requires only authentication, makes the flaw particularly dangerous in shared environments.
Soliton Systems released a patch (V-5.0.11) in collaboration with JPCERT/CC under Japan’s early warning partnership, closing the injection vector without disrupting core functionality. Organizations are advised to upgrade immediately, prioritizing systems with the Antivirus Check Option enabled. Security teams should also review logs for suspicious activity, including unusual logins or command artifacts, dating back to mid-February 2026.
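To turn the version ranges and the prioritization advice above into a triage list, the following added example (not Soliton's or JPCERT/CC's code) classifies an asset inventory and orders affected hosts so that those with the Antivirus Check Option enabled come first. The inventory rows, hostnames and field names are constructed for illustration, and treating releases later than V-5.0.11 as fixed is an assumption.

```python
import re

# Affected ranges and fix release exactly as stated in the article above.
AFFECTED = [((5, 0, 0), (5, 0, 10)), ((4, 2, 1), (4, 2, 8))]
FIXED = (5, 0, 11)
VERSION_RE = re.compile(r"^V-(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Turn 'V-5.0.7' into (5, 0, 7); return None for any other shape."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(product, version_text):
    """Return 'unaffected', 'affected', 'fixed' or 'unlisted' for one host."""
    if product.strip().lower() == "filezen s":
        return "unaffected"   # FileZen S is stated as not affected
    version = parse_version(version_text)
    if version is None:
        return "unlisted"     # unparseable string: needs a manual check
    if any(lo <= version <= hi for lo, hi in AFFECTED):
        return "affected"
    if version >= FIXED:
        return "fixed"        # assumption: later releases keep the fix
    return "unlisted"         # a version the article says nothing about


def triage(inventory):
    """Affected hosts, Antivirus Check Option enabled first, then by name."""
    hits = [h for h in inventory
            if classify(h["product"], h["version"]) == "affected"]
    return sorted(hits, key=lambda h: (not h["av_check_enabled"], h["host"]))


# Constructed inventory; hostnames and field names are hypothetical.
INVENTORY = [
    {"host": "ft-01", "product": "FileZen", "version": "V-5.0.11", "av_check_enabled": True},
    {"host": "ft-02", "product": "FileZen", "version": "V-4.2.8", "av_check_enabled": False},
    {"host": "ft-03", "product": "FileZen", "version": "V-5.0.3", "av_check_enabled": True},
    {"host": "ft-04", "product": "FileZen S", "version": "V-5.0.3", "av_check_enabled": True},
    {"host": "ft-05", "product": "FileZen", "version": "V-4.2.0", "av_check_enabled": False},
]

if __name__ == "__main__":
    for h in triage(INVENTORY):
        state = "AV check on" if h["av_check_enabled"] else "AV check off"
        print(h["host"], h["version"], state)
```

Hosts reported as "unlisted" fall outside both the stated affected ranges and the fix release, so they need a manual check against the vendor advisory rather than being assumed safe.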
The incident underscores risks in file transfer tools with integrated scanning features. Disabling the Antivirus Check Option is a possible temporary mitigation, though patching remains the only definitive solution. Soliton has emphasized secure defaults in future releases to prevent similar vulnerabilities. JPCERT/CC’s alert (JPCERT-AT-2026-0004) provides additional guidance, including indicators of compromise (IOCs) for failed exploitation attempts.
Source: https://cyberpress.org/filezen-file-transfer-flaw/
Soliton Systems K.K. TPRM report: https://www.rankiteo.com/company/soliton
{
  "id": "sol1771237768",
  "linkid": "soliton",
  "type": "Vulnerability",
  "date": "2/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Technology (File Transfer Solutions)',
                        'location': 'Japan',
                        'name': 'Soliton Systems K.K.',
                        'type': 'Vendor'},
                       {'name': 'FileZen Users', 'type': 'Customers'}],
 'attack_vector': 'Authenticated HTTP Requests',
 'data_breach': {'data_exfiltration': 'Potential'},
 'date_detected': '2026-02-13',
 'date_publicly_disclosed': '2026-02-13',
 'description': 'A severe vulnerability in FileZen, a widely used file '
                'transfer solution from Japan’s Soliton Systems K.K., allows '
                'authenticated attackers to execute arbitrary operating system '
                'commands on vulnerable servers. Tracked as CVE-2026-25108, '
                'the flaw carries CVSS scores of 8.8 (v3.0) and 8.7 (v4.0), '
                'classifying it as a high-to-critical risk. The vulnerability '
                'stems from an OS command injection weakness in FileZen’s '
                'Antivirus Check Option, where specially crafted HTTP requests '
                'sent by attackers with valid credentials can trigger '
                'malicious command execution under the application’s '
                'privileges. Exploitation could lead to data theft, malware '
                'deployment, or full system compromise, with attackers gaining '
                'system-level access.',
 'impact': {'data_compromised': 'Potential data theft',
            'operational_impact': 'Full system compromise possible',
            'systems_affected': 'FileZen servers (V-5.0.0 to V-5.0.10, V-4.2.1 '
                                'to V-4.2.8)'},
 'investigation_status': 'Active exploitation confirmed; patch released.',
 'lessons_learned': 'Risks in file transfer tools with integrated scanning '
                    'features; importance of secure defaults in future '
                    'releases.',
 'post_incident_analysis': {'corrective_actions': 'Patch released (V-5.0.11); '
                                                  'secure defaults planned for '
                                                  'future releases.',
                            'root_causes': 'OS command injection vulnerability '
                                           'in Antivirus Check Option due to '
                                           'insufficient input validation.'},
 'recommendations': 'Upgrade to FileZen V-5.0.11 immediately; disable '
                    'Antivirus Check Option if patching is delayed; review '
                    'logs for suspicious activity dating back to mid-February '
                    '2026.',
 'references': [{'source': 'JVN (Japan Vulnerability Notes)'},
                {'source': 'JPCERT/CC Alert (JPCERT-AT-2026-0004)'}],
 'regulatory_compliance': {'regulatory_notifications': 'JVN (Japan '
                                                       'Vulnerability Notes)'},
 'response': {'communication_strategy': 'Public advisory via JVN and JPCERT/CC',
              'containment_measures': 'Disabling Antivirus Check Option '
                                      '(temporary mitigation)',
              'enhanced_monitoring': 'Review logs for suspicious activity '
                                     '(unusual logins or command artifacts)',
              'remediation_measures': 'Patch to V-5.0.11',
              'third_party_assistance': 'JPCERT/CC'},
 'stakeholder_advisories': 'JPCERT/CC and Soliton Systems advisory for '
                           'affected organizations.',
 'title': 'Critical FileZen Vulnerability Exploited in the Wild, Enabling OS '
          'Command Injection',
 'type': 'OS Command Injection',
 'vulnerability_exploited': 'CVE-2026-25108'}