Breaking
MLB The Show 26 Review
Every Batman Movie You Can Buy In 4K UHD in 2026
Crimson Desert Review
Woman Sentenced After Stealing From Dead Mother
IU Students Killed
Trump is forcing coal plants to stay open. It could cost customers billions.
Legendary Lost Episode of Mystery Science Theater 3000 Found, Posted to YouTube
Nvidia Confirms DLSS 5 Is Re-Drawing Games, and That Sucks
Proposed Illinois bill would require serial numbers on handgun ammunition
Rockford residents rejoice in spring sunshine after blizzard
20 Mar 2026, Fri
Launch Your Site in 5 Minutes
Cyber Security News

Critical FileZen File Transfer Flaw Allows Arbitrary Command Execution

By rssfeeds-admin No Comments
Critical FileZen File Transfer Flaw Allows Arbitrary Command Execution
Critical FileZen File Transfer Flaw Allows Arbitrary Command Execution
A critical vulnerability in FileZen, a popular file transfer solution from Japan’s Soliton Systems K.K., lets authenticated attackers run arbitrary operating system commands on vulnerable servers.

Tracked as CVE-2026-25108, this OS command injection flaw strikes high with CVSS scores of 8.8 (v3.0) and 8.7 (v4.0).

It poses a major threat to businesses handling sensitive file transfers, especially those with the Antivirus Check Option turned on.

The issue arises when attackers with valid login credentials send specially crafted HTTP requests. This exploits a weakness in how FileZen processes inputs during antivirus scanning, injecting malicious commands that execute with the app’s privileges.

Attackers could steal data, install malware, or fully take over the system. Japan’s Vulnerability Notes (JVN) advisory, published February 13, 2026, confirms real-world exploitation attempts are underway, urging immediate action.

FileZen versions V-5.0.0 to V-5.0.10 and V-4.2.1 to V-4.2.8 are affected. FileZen S versions remain safe.

No exploit code is public yet, but the low barrier, needing only authentication, makes it dangerous in shared environments.

CVE IDCVSS v3.0 ScoreCVSS v4.0 ScoreDescription
CVE-2026-251088.8 (High)8.7 (Critical)OS command injection in FileZen; authenticated attackers execute arbitrary commands via crafted HTTP requests when Antivirus Check Option is enabled.

Exploitation grants attackers the app’s system-level access, risking total compromise of confidentiality, integrity, and availability.

Soliton Systems patched it in V-5.0.11 after working with JPCERT/CC under Japan’s early warning partnership. The fix blocks the injection path without breaking core features.

Organizations must upgrade now, prioritizing setups with antivirus scanning active. Scan logs for odd logins, suspicious HTTP traffic, or command artifacts from mid-February 2026.

JPCERT/CC’s alert JPCERT-AT-2026-0004 offers Japanese-specific tips, including IOCs for failed exploits.

This flaw highlights risks in file transfer tools with integrated scanning. Disabling the Antivirus Check Option reduces exposure until patching, but it’s no substitute for updates. Vendors like Soliton stress secure defaults in future releases.

Follow us on Google News , LinkedIn and X to Get More Instant UpdatesSet Cyberpress as a Preferred Source in Google

The post Critical FileZen File Transfer Flaw Allows Arbitrary Command Execution appeared first on Cyber Security News.

Discover more from RSS Feeds Cloud

Subscribe to get the latest posts sent to your email.

By rssfeeds-admin

Related Posts

Cyber Security News

Anthropic Launches Projects Feature for Claude Cowork Desktop

rssfeeds-admin
Cyber Security News

Google Chrome Update Fixes 26 Security Flaws, Including RCE Vulnerabilities

rssfeeds-admin
Cyber Security News

Critical UNISOC T612 Modem Flaw Enables RCE via Cellular Calls

rssfeeds-admin

You Missed

IGN

MLB The Show 26 Review

IGN

Every Batman Movie You Can Buy In 4K UHD in 2026

IGN

Crimson Desert Review

Indiana News

Woman Sentenced After Stealing From Dead Mother

Discover more from RSS Feeds Cloud

Subscribe now to keep reading and get access to the full archive.

Continue reading