Breaking
Crimson Desert Review
Woman Sentenced After Stealing From Dead Mother
IU Students Killed
Trump is forcing coal plants to stay open. It could cost customers billions.
Legendary Lost Episode of Mystery Science Theater 3000 Found, Posted to YouTube
Nvidia Confirms DLSS 5 Is Re-Drawing Games, and That Sucks
Proposed Illinois bill would require serial numbers on handgun ammunition
Rockford residents rejoice in spring sunshine after blizzard
High school students showcase skills at CEANCI competition in Rockford
Highland Community College and Illinois State University partner for seamless transfer
20 Mar 2026, Fri
Launch Your Site in 5 Minutes
Cyber Security News

FileZen File Transfer App Vulnerability Enables Arbitrary Command Execution

By rssfeeds-admin No Comments
FileZen File Transfer App Vulnerability Enables Arbitrary Command Execution
FileZen File Transfer App Vulnerability Enables Arbitrary Command Execution
A critical vulnerability has been discovered in the file transfer solution from Soliton Systems K.K., potentially allowing attackers to execute arbitrary system commands on affected installations.

The issue, tracked as CVE-2026-25108, has been assessed with a CVSS v3.0 base score of 8.8, indicating a severe command injection flaw.

The flaw stems from an OS command injection vulnerability (CWE-78) within FileZen’s processing mechanism whenever the Antivirus Check Option is enabled.

Attackers with authenticated access could exploit this weakness by sending specially crafted HTTP requests to the affected FileZen instance, thereby gaining execution privileges on the underlying operating system.

The developer, Soliton Systems K.K., confirmed that exploitation attempts targeting this vulnerability have already been observed in the wild, indicating active use of this flaw before it was patched.

FileZen File Transfer App Vulnerability

FileZen is a secure file transfer and sharing system widely used by enterprises for data exchange across organizations and internal networks. The company clarified that FileZen S (a separate variant) is not affected.

CVE IDCVSSDescriptionAffected Versions
CVE-2026-251088.8 (High)OS command injection enabling arbitrary execution.V5.0.0–V5.0.10, V4.2.1–V4.2.8

The issue allows an authenticated attacker, once logged in, to send a maliciously crafted HTTP request that could run arbitrary OS-level commands with elevated privileges.

Successful exploitation may enable attackers to fully compromise the affected appliance, manipulate files, or establish persistent access for further exploitation within the network.

According to the advisory published through Japan’s JPCERT/CC (JVN#84622767), this vulnerability affects a file transfer system often exposed to enterprise networks, and the risk extends to data confidentiality and system integrity.

Soliton Systems has released a firmware update addressing this issue. Users are urged to upgrade to FileZen firmware version V5.0.11 or later, as it includes security fixes that neutralize the OS command injection vector.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post FileZen File Transfer App Vulnerability Enables Arbitrary Command Execution appeared first on Cyber Security News.

Discover more from RSS Feeds Cloud

Subscribe to get the latest posts sent to your email.

By rssfeeds-admin

Related Posts

Cyber Security News

Anthropic Launches Projects Feature for Claude Cowork Desktop

rssfeeds-admin
Cyber Security News

Google Chrome Update Fixes 26 Security Flaws, Including RCE Vulnerabilities

rssfeeds-admin
Cyber Security News

Critical UNISOC T612 Modem Flaw Enables RCE via Cellular Calls

rssfeeds-admin

You Missed

IGN

Crimson Desert Review

Indiana News

Woman Sentenced After Stealing From Dead Mother

Indiana News

IU Students Killed

Tennessee News

Trump is forcing coal plants to stay open. It could cost customers billions.

Discover more from RSS Feeds Cloud

Subscribe now to keep reading and get access to the full archive.

Continue reading