
[CIVN-2026-0103] Command Injection Vulnerability in FileZen
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
FileZen versions V4.2.1 through V4.2.8
FileZen versions V5.0.0 through V5.0.10
Overview
A vulnerability has been reported in FileZen, which may allow a remote attacker to execute arbitrary code on the targeted vulnerable system.
Target Audience:
System administrators, IT professionals, and security teams responsible for managing affected FileZen deployments.
Risk Assessment:
High risk of arbitrary code execution and full system compromise.
Impact Assessment:
Potential for unauthorized code execution, full system takeover, sensitive information disclosure, and disruption of services.
Description
FileZen is an on-premise secure file transfer and sharing appliance that facilitates secure file transfer through web browsers or file servers.
The vulnerability exists in FileZen due to improper neutralization of special elements. When the Antivirus Check Option is enabled, a logged-in attacker could exploit this flaw by sending specially crafted HTTP requests.
Successful exploitation could allow an unauthenticated attacker to execute arbitrary code on the targeted system.
Note: CVE-2026-25108 is being actively exploited in the wild. Users are advised to urgently patch affected systems.
Solution
Apply the security updates released by Soliton:
https://www.soliton.co.jp/support/2026/006657.html
Vendor Information
Soliton
https://www.soliton.co.jp/support/2026/006657.html
References
Soliton
https://www.soliton.co.jp/support/2026/006657.html
CVE Name
CVE-2026-25108
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


