🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-25108: Soliton Systems K.K FileZen OS Command Injection Vulnerability
Summary
Soliton Systems K.K FileZen has an OS command injection vulnerability (a flaw where an attacker can run unauthorized system commands by sending specially crafted requests) that can be triggered when a user logs in. This vulnerability is currently being actively exploited by attackers.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Details
EPSS: 18.6%
🔥 Actively Exploited
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-25108
First tracked: February 24, 2026 at 03:00 PM
Classified by LLM (prompt v3) · confidence: 95%