🔴 CVE-2026-25108

FileZen contains an OS command injection vulnerability allowing authenticated users to execute arbitrary OS commands via specially crafted HTTP requests when the Antivirus Check Option is enabled. This is a critical server-side vulnerability in a file sharing platform commonly deployed as internet-facing infrastructure.

Risk Level: HIGH_RISK

CVSS Score: 8.8

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2026-02-13

Added to CISA KEV: 2026-02-24 (11 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-02-24)

Regarding CVE-2026-25108, here's what is known about its exploitation:

  • CISA Known Exploited Vulnerabilities (KEV) Status: Information regarding CVE-2026-25108's inclusion in the CISA Known Exploited Vulnerabilities (KEV) Catalog is not explicitly detailed in the provided search results. CISA maintains this catalog to highlight vulnerabilities with evidence of active exploitation [1][4]. Updates to the catalog have been noted, with new vulnerabilities being added based on exploitation evidence [3][5].
  • Evidence of Active Exploitation: The provided search results do not contain specific evidence of CVE-2026-25108 being actively exploited in the wild. However, the general context of CISA's KEV catalog indicates that vulnerabilities are added when there is evidence of such exploitation [1].
  • Attack Vectors and Exploitation Methods: CVE-2026-25108 is described as a FileZen OS Command Injection Vulnerability [2]. This type of vulnerability typically allows an attacker to execute arbitrary operating system commands on the affected system. Common Attack Pattern Enumeration and Classification (CAPEC) details common attributes and approaches used by adversaries to exploit such weaknesses [2].
  • Internet-Facing Applications/Services and Targeted Attacks: The provided information does not specify whether CVE-2026-25108 affects internet-facing applications or services, nor does it indicate if it has been used in targeted attacks.
  • Technical Details about Internet Exploitability: Specific technical details regarding the internet exploitability of CVE-2026-25108 are not present in the provided search results. The vulnerability is categorized as an OS command injection, suggesting potential for remote exploitation if the vulnerable component is exposed.

There are knowledge gaps regarding the specific impact on internet-facing services, evidence of active exploitation in the wild, and whether it has been used in targeted attacks for CVE-2026-25108.

Sources

  1. Known Exploited Vulnerabilities Catalog - CISA

    For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal…

  2. CVE-2026-25108 - FileZen OS Command Injection Vulnerability

    Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-25108 weaknesses. The following table lists the changes that have been made to the CVE-2026-25108 vulnera…

  3. The Kev Catalog

    A list of Known Exploited Vulnerabilities.

  4. CISA Adds Six Known Exploited Vulnerabilities to Catalog

    CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

  5. CISA Adds Two Known Exploited Vulnerabilities to Catalog

    CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.