External risk intelligence

Soliton FileZen could allow authenticated users to execute OS commands and disrupt operations.

Soliton FileZen, with the Antivirus Check Option enabled, could allow an authenticated user to execute commands and gain administrative control, potentially compromising operational systems and sensitive data. This vulnerability is subject to active exploitation, requiring immediate vendor updates.

NVD published February 13, 2026 (3 months ago)

External risk briefKnown Exploit

CVE-2026-25108

Halo Surface Signal

4/ 5

Soliton FileZen is a file transfer platform designed for secure data exchanges between internal and external users. These platforms are typically deployed as internet-facing web gateways to support their function. While this vulnerability requires authentication, the application interface is frequently exposed to the network to enable its core use case as a managed file transfer portal.

Exposure facts

CVSS

8.7

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

KEV

Soliton Systems K.K FileZen OS Command Injection Vulnerability

EPSS

8.37%

H – Horizon Alert

The FileZen platform contains an operating system command injection vulnerability. When the Antivirus Check Option is enabled, an authenticated user could send a specially crafted request to execute unauthorized commands on the server. This issue matters because it could allow a user to perform actions beyond their authorized permissions, potentially compromising the integrity of the system.

A – Asset Exposure

This issue affects organizations using the FileZen file transfer platform, specifically when the Antivirus Check Option is enabled. Because this vulnerability requires a logged-in user to interact with the system, the risk is primarily confined to users or partners who already have authorized access to the platform’s interface. If triggered, this flaw could allow an attacker to execute arbitrary commands, potentially granting them admin access or control over the underlying operational systems. This creates a risk to the security and integrity of the sensitive files and data processed by the platform.

L – Live Threat

This vulnerability is currently listed in the CISA Known Exploited Vulnerabilities catalog, which confirms that it is subject to active exploitation in the wild. This designation serves as a definitive signal that malicious actors are actively targeting this flaw. Consequently, the likelihood of impact is elevated based on this confirmed threat activity.

O – Operational Fix

To address the identified vulnerability in FileZen, please prioritize reviewing and applying the latest mitigations or updates provided by the vendor, Soliton Systems K.K. We recommend confirming whether the Antivirus Check Option is currently active on your systems, as this feature is the primary focus of the reported risk. If an official update is not immediately available for your specific deployment, please coordinate with your team to restrict exposure or evaluate the necessity of maintaining the service until a secure resolution is implemented.