{"id":217217,"date":"2026-02-25T04:22:00","date_gmt":"2026-02-25T09:22:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/25\/u-s-cisa-adds-a-flaw-in-soliton-systems-k-k-filezen-to-its-known-exploited-vulnerabilities-catalog\/"},"modified":"2026-02-25T06:35:20","modified_gmt":"2026-02-25T11:35:20","slug":"u-s-cisa-adds-a-flaw-in-soliton-systems-k-k-filezen-to-its-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/25\/u-s-cisa-adds-a-flaw-in-soliton-systems-k-k-filezen-to-its-known-exploited-vulnerabilities-catalog\/","title":{"rendered":"U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"

U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog<\/a><\/p>\n

https:\/\/securityaffairs.com\/188473\/hacking\/u-s-cisa-adds-a-flaw-in-soliton-systems-k-k-filezen-to-its-known-exploited-vulnerabilities-catalog.html?amp<\/a><\/p>\n

Publish Date: 2026-02-25 04:22:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ February 25, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog.<\/h2>\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added\u00a0a Soliton Systems K.K FileZen flaw, tracked as CVE-2026-25108 (CVSS v4 score of 8.7), to its\u00a0Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n

Soliton Systems K.K. FileZen is a secure file transfer solution that enables organizations to share and manage sensitive data safely. It provides access controls, activity logging, and antivirus scanning. <\/p>\n

The vulnerability is an operating system (OS) command injection that could allow an authenticated user to execute arbitrary commands via specially crafted HTTP requests.<\/p>\n

\u201cCommand Injection Vulnerability in a Specific Field on the Post-Logon Screen (CWE-78)\u201d reads the advisory. \u201cA remote attacker may be able to execute arbitrary OS commands within FileZen.\u201d<\/p>\n

The vulnerability can be exploited only if two conditions are met: the FileZen virus check feature (BitDefender-based) is enabled, and an attacker has valid login access to the FileZen website, either through leaked credentials or successfully guessed user IDs and passwords.<\/p>\n

The flaw impacts Versions 5.0.0 to 5.0.10 and Versions 4.2.1 to 4.2.8. V5.0.11 or later address the flaw.<\/p>\n

Soliton is aware of the active exploitation of this flaw:<\/p>\n

\u201cWe have received at least one report of damage caused by the exploitation of this vulnerability.\u201d reads the advisory. \u201cFor this vulnerability to occur, an attacker must log on to the web screen with general user privileges. If you have been attacked or suspected of being a victim of this vulnerability, please consider not only updating to V5.0.11 or later, but also changing…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities…<\/p>\n","protected":false},"author":1,"featured_media":217218,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-217217","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/217217"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=217217"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/217217\/revisions"}],"predecessor-version":[{"id":217219,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/217217\/revisions\/217219"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/217218"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=217217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=217217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=217217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}