CVE 8.8 HIGH

CVE-2026-25108_CVE-2026-25108

February 12, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

FileZen contains an OS command injection vulnerability. When FileZen virus check option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.

AI Analysis

OS command injection vulnerability in FileZen virus check option

Basic Information

ID CVE-2026-25108

Source jpcert

Published Feb 13, 2026 at 03:39

Affected Product

Vendor Soliton Systems K.K.

Product FileZen

Version V5.0.0 to V5.0.10

Affected Versions Soliton Systems K.K. FileZen V5.0.0 to V5.0.10
Soliton Systems K.K. FileZen V4.2.1 to V4.2.8

CWE Classification

CWE-78

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Soliton Systems K.K.

Product FileZen

Version V4.2.1 to V4.2.8, V5.0.0 to V5.0.10

References

{
    "lastseen": "",
    "description": "FileZen contains an OS command injection vulnerability. When FileZen virus check option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.",
    "published": "2026-02-13T03:39:03.795Z",
    "modified": "2026-02-13T03:39:03.795Z",
    "type": "cve",
    "title": "CVE-2026-25108",
    "source": "jpcert",
    "references": "https://www.soliton.co.jp/support/2026/006657.html\nhttps://jvn.jp/en/jp/JVN84622767/",
    "id": "CVE-2026-25108",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Soliton Systems K.K. FileZen V5.0.0 to V5.0.10\nSoliton Systems K.K. FileZen V4.2.1 to V4.2.8",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FileZen",
    "version": "V5.0.0 to V5.0.10",
    "vendor": "Soliton Systems K.K.",
    "ai_description": "OS command injection vulnerability in FileZen virus check option",
    "ai_severity": "High",
    "ai_vendor": "Soliton Systems K.K.",
    "ai_product": "FileZen",
    "ai_version": "V4.2.1 to V4.2.8, V5.0.0 to V5.0.10",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply