CVE-2026-25108 – FileZen OS Command Injection Vulnerability
“A trusted file transfer tool became a dangerous entry point—attackers are already using this weakness to run system commands and take control of servers.”
This advisory covers a high-severity OS command injection vulnerability in FileZen, tracked as CVE-2026-25108 and rated 8.8 (High) under CVSS v3.1. The flaw is exposed when the Antivirus Check Option is enabled: an authenticated user can send specially crafted HTTP requests that cause FileZen to execute arbitrary operating system commands on the host server, with the privileges of the FileZen application process. Because the vulnerable code path belongs to the antivirus scanning feature, the first thing to establish on any deployment is whether that option is switched on.
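To make the bug class concrete, here is an added Python example that is not FileZen's code (the product's internals are not published on this page): a hypothetical antivirus-check hook that builds a scanner command line from a client-supplied file name, a check of how many commands a POSIX shell would actually run from that line, and a hardened form that allowlists the name and calls the scanner with an argv list and no shell. The upload directory, the scanner binary and flags, and both sample file names are assumptions constructed for the example.

```python
import re
import shlex
import subprocess
from pathlib import Path

# Assumptions for this example (not FileZen's real paths, binary or flags).
UPLOAD_DIR = Path("/var/lib/uploads")
SCANNER = ["clamscan", "--no-summary"]

# Constructed sample names: one benign, one carrying a shell payload.
# The payload is only inspected as text here; nothing in this file executes it.
BENIGN_NAME = "quarterly-report_final.pdf"
MALICIOUS_NAME = "report.pdf; id > /tmp/pwned #"

SHELL_SEPARATORS = {";", "|", "||", "&", "&&"}
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")  # allowlist: no '/', no leading '-'


def build_scan_command_vulnerable(client_name: str) -> str:
    """The injectable pattern: the client-chosen name is interpolated into one
    string that is later handed to a shell (shell=True, system(), popen()).
    Whatever the shell parses as a separator or substitution becomes a second command."""
    return f"{' '.join(SCANNER)} {UPLOAD_DIR / client_name}"


def shell_commands(cmdline: str) -> list[list[str]]:
    """Split a command line into the separate commands a POSIX shell would run.
    shlex with punctuation_chars emits ';', '|', '&' (and runs of them) as their own tokens."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    commands, current = [], []
    for tok in lexer:
        if tok in SHELL_SEPARATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def injects_extra_command(cmdline: str) -> bool:
    """True if a shell would run more than the scanner command, or if the line
    carries command substitution, which shlex does not treat as punctuation."""
    return len(shell_commands(cmdline)) > 1 or "$(" in cmdline or "`" in cmdline


def build_scan_argv_hardened(client_name: str) -> list[str]:
    """The fix pattern: allowlist the name, then pass the path as a single argv
    element with no shell involved. The path is absolute, so it can never start
    with '-' and be read as a scanner option. A stronger design stores uploads
    under a server-generated name and keeps the client name off the command line."""
    if not SAFE_NAME.fullmatch(client_name):
        raise ValueError(f"upload name rejected: {client_name!r}")
    target = UPLOAD_DIR / client_name
    if target.parent != UPLOAD_DIR:  # redundant with the allowlist, but cheap
        raise ValueError("path escapes the upload directory")
    return [*SCANNER, str(target)]


def scan_upload(client_name: str, runner=subprocess.run) -> int:
    """Invoke the scanner as an argv list (shell=False) and return its exit status.
    `runner` is injectable so the call path can be exercised without a scanner installed."""
    argv = build_scan_argv_hardened(client_name)
    return runner(argv, shell=False, capture_output=True, check=False).returncode


if __name__ == "__main__":
    for name in (BENIGN_NAME, MALICIOUS_NAME):
        cmd = build_scan_command_vulnerable(name)
        print(f"{name!r}: shell would run {len(shell_commands(cmd))} command(s)",
              "-> INJECTION" if injects_extra_command(cmd) else "-> ok")
        try:
            print("  hardened argv:", build_scan_argv_hardened(name))
        except ValueError as err:
            print("  hardened:", err)
```

The separator check is a reviewer's aid for spotting the pattern in code or logs, not a defence: it misses quoting tricks and is deliberately not used inside the hardened path, which never gives a shell the chance to parse the name at all.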
The vulnerability affects FileZen versions 4.2.1 through 4.2.8 and 5.0.0 through 5.0.10; FileZen S is not affected. Successful exploitation can lead to full compromise of the server, data theft, service disruption, or lateral movement into the internal network. Security authorities have reported exploitation in the wild, so the update should be treated as urgent.
The issue is resolved in FileZen version 5.0.11, which removes the command injection vector and strengthens input handling in the antivirus scanning feature. Note that 5.0.11 is the only fixed release named here; check the vendor's guidance before assuming any other build, including later 4.2.x builds, is patched.
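For triage across an estate, the following added Python helper (not from the vendor or this page's author) encodes the affected ranges listed above. It compares versions numerically, which matters here because string comparison sorts "5.0.10" before "5.0.9" and would misclassify the last two affected releases. The product-name handling, the optional "v" prefix, and the sample inventory are assumptions constructed for the example.

```python
import re

# Affected ranges as listed in the advisory above (inclusive); the fixed release is 5.0.11.
AFFECTED_RANGES = [((4, 2, 1), (4, 2, 8)), ((5, 0, 0), (5, 0, 10))]
FIXED_VERSION = (5, 0, 11)
# Assumption: the product is identified by a free-text name; FileZen S is the unaffected sibling.
UNAFFECTED_PRODUCTS = {"filezen s"}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '5.0.10' or 'v5.0.10' into (5, 0, 10). Integer tuples compare correctly;
    plain strings do not ('5.0.10' < '5.0.9' as text)."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(product: str, version: str) -> bool:
    """True when the version falls in a listed affected range for FileZen.
    Anything outside the listed ranges is reported as not listed, not as proven safe."""
    if product.strip().lower() in UNAFFECTED_PRODUCTS:
        return False
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def triage(inventory: list[tuple[str, str, str]]) -> list[str]:
    """Return the hosts that need the 5.0.11 update, from (host, product, version) rows."""
    return [host for host, product, version in inventory if is_affected(product, version)]


# Constructed sample inventory for a stand-alone run.
SAMPLE_INVENTORY = [
    ("ft-01", "FileZen", "5.0.10"),
    ("ft-02", "FileZen", "5.0.11"),
    ("ft-03", "FileZen", "4.2.3"),
    ("ft-04", "FileZen S", "5.0.2"),
]

if __name__ == "__main__":
    print("needs update:", triage(SAMPLE_INVENTORY))
```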