{"cve_id":"CVE-2026-25108","summary":"FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.08854,"ranking_epss":0.92522,"kev":true,"propose_action":"Soliton Systems K.K FileZen contains an OS command injection vulnerability when an user logs-in to the affected product and sends a specially crafted HTTP request.","ransomware_campaign":"Unknown","references":["https://jvn.jp/en/jp/JVN84622767/","https://www.soliton.co.jp/support/2026/006657.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-25108"],"published_time":"2026-02-13T04:15:53","cpes":["cpe:2.3:a:soliton:filezen:4.2.1","cpe:2.3:a:soliton:filezen:4.2.2","cpe:2.3:a:soliton:filezen:4.2.7","cpe:2.3:a:soliton:filezen:5.0.0","cpe:2.3:a:soliton:filezen:5.0.2"]}