Critical Vulnerability Information Vulnerability ID: JVN#84622767 Title: FileZen vulnerable to OS command injection Severity Level: Critical Affected Products FileZen versions from V5.0.0 to V5.0.10 FileZen versions from V4.2.1 to V4.2.8 FileZen S is not affected Description Vulnerability Type: OS command injection (CWE-78) CVSS Score: - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.7 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.8 CVE ID: CVE-2026-25108 Exploitation Condition: The vulnerability can be exploited when the Antivirus Check Option in FileZen is enabled Attack Observation: Instances of attackers exploiting this vulnerability have been observed Impact If a user logs into an affected product and sends a specially crafted HTTP request, arbitrary OS commands may be executed Solution Remediation: Update the Firmware Specific Version: FileZen V5.0.11 Vendor Status References and Additional Details JPCERT/CC Addendum Vulnerability Analysis by JPCERT/CC Credit: Soliton Systems K.K. reported this vulnerability and notified users via JPCERT/CC CVE ID: CVE-2026-25108 JVNDB ID: JVNDL-2026-000023 Historical Updates 2026/02/13: Information in the "Description" and "Other Information" sections was updated