A critical zero-day vulnerability in Soliton Systems K.K.'s FileZen, tracked as CVE-2026-25108, is actively being exploited in the wild, prompting urgent calls for patching. The flaw, which has been assigned a CVSS score of 8.8, allows attackers to execute arbitrary OS commands through a command injection vulnerability when the FileZen Antivirus Check Option is enabled. This vulnerability is particularly concerning as it was exploited before its disclosure, highlighting its zero-day nature.
The vulnerability, categorized under CWE-78, was officially published on February 13, 2026, and has since been added to the Known Exploited Vulnerabilities (KEV) catalog by CISA on February 24, 2026. This inclusion underscores the severity and the immediate need for organizations using FileZen to address the issue. The Exploit Prediction Scoring System (EPSS) has rated this vulnerability with a score of 0.095, indicating a moderate likelihood of exploitation.
The exploitation of CVE-2026-25108 involves sending a specially crafted HTTP request to the FileZen system, which, if successful, allows a logged-in user to execute commands at the operating system level. This capability can potentially lead to unauthorized access, data exfiltration, or further compromise of affected systems. Given the high severity and the active exploitation status, organizations using FileZen are urged to apply the available patches immediately to mitigate potential risks.
The urgency is further emphasized by the Security Severity Vulnerability Classification (SSVC), which categorizes this vulnerability as 'attend,' indicating that it requires immediate attention. The exploitation timeline, with a Time to Exploit (TTE) of -0.2 days, signifies that attackers were able to leverage this flaw even before it was publicly disclosed, a common characteristic of zero-day vulnerabilities.
Organizations should prioritize patching their FileZen systems to prevent potential breaches. Additionally, security teams should monitor network traffic for unusual activity that could indicate exploitation attempts. Implementing additional security measures, such as network segmentation and enhanced logging, can also help in detecting and mitigating exploitation efforts.
As attackers continue to exploit this vulnerability, the cybersecurity community remains vigilant in monitoring for further developments. The swift action in addressing this vulnerability is crucial to safeguarding sensitive data and maintaining the integrity of affected systems.
CSURFACE