FileZen Vulnerability Enables Command Execution

Soliton Systems K.K. disclosed CVE-2026-25108, a critical OS command injection flaw in FileZen. The vulnerability carries CVSS v3.0 score of 8.8. Authenticated attackers execute arbitrary system commands through crafted HTTP requests when Antivirus Check remains enabled.

FileZen versions V5.0.0 through V5.0.10 and V4.2.1 through V4.2.8 suffer the defect. The issue resides in input processing during antivirus scanning. Attackers require valid login credentials but no additional privileges.

BEST WINTER DEALS

Editor's Choice

Private Internet Access

Access content across the globe at the highest speed rate.

70% of our readers choose Private Internet Access

70% of our readers choose ExpressVPN

ExpressVPN

Browse the web from multiple devices with industry-standard security protocols.

Nord VPN

Faster dedicated servers for specific actions (currently at summer discounts)

Japan’s JPCERT/CC published advisory JVN#84622767 on February 16, 2026. Soliton confirmed active exploitation attempts occurred before patches deployed. FileZen S variant remains unaffected by this vulnerability.

Technical Breakdown

Malicious HTTP requests bypass input sanitization completely. OS commands execute with elevated appliance privileges during scan operations. Attackers compromise entire FileZen installations through single authenticated sessions.

Successful exploits enable full system control. File manipulation follows immediately. Network pivoting targets connected enterprise systems. Persistent backdoors establish long-term access points.

FileZen facilitates secure inter-organizational transfers. Compromise exposes sensitive customer data across multiple networks. Incident response demands rapid containment and forensic analysis.

Affected Versions

Exploitation Requirements

• Authenticated user session
• Antivirus Check Option enabled
• Direct network access to FileZen
• Crafted HTTP request capability

Patch Details

Mandatory Firmware Upgrade:

• V5.0.11 eliminates injection vector
• All vulnerable versions discontinued
• Appliance-based manual deployment only

Attack Indicators

• Anomalous antivirus scan activity
• Unexpected system processes
• FileZen-to-external IP connections
• Authentication followed by command execution

Risk Assessment

Enterprise file transfer appliances represent high-value targets. Data confidentiality fails completely upon compromise. System integrity suffers permanent damage. Lateral movement threatens production networks.

Soliton observed attacks pre-disclosure. Rapid patch deployment limited widespread impact. JPCERT coordinates ongoing mitigation globally.

Mitigation Strategy

• Deploy V5.0.11 firmware immediately
• Disable Antivirus Check if unpatched
• Restrict FileZen to internal networks
• Monitor login and HTTP request logs
• Segment appliances from critical systems

FAQ