CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-25108

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.5%

CVSS Severity

CVSS v3 Score 8.8

Proposed Action

Soliton Systems K.K FileZen contains an OS command injection vulnerability when an user logs-in to the affected product and sends a specially crafted HTTP request.

Ransomware Campaign

Unknown

References

https://jvn.jp/en/jp/JVN84622767/
https://www.soliton.co.jp/support/2026/006657.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-25108

Products affected by CVE-2026-25108

Soliton » Filezen » Version: 4.2.1

cpe:2.3:a:soliton:filezen:4.2.1
Soliton » Filezen » Version: 4.2.2

cpe:2.3:a:soliton:filezen:4.2.2
Soliton » Filezen » Version: 4.2.7

cpe:2.3:a:soliton:filezen:4.2.7
Soliton » Filezen » Version: 5.0.0

cpe:2.3:a:soliton:filezen:5.0.0
Soliton » Filezen » Version: 5.0.2

cpe:2.3:a:soliton:filezen:5.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25108

Products

Pricing

Contact Us