Critical FileZen Vulnerability Actively Exploited, Added to CISA’s KEV Catalog U.S. authorities have confirmed that threat actors are actively exploiting a critical OS command injection vulnerability (CVE-2026-25108) in FileZen, a file-sharing and transfer solution by Soliton Systems K.K.. The flaw, rated 9.8 (Critical) on the CVSS scale, allows remote attackers to execute arbitrary commands on affected systems, risking full compromise, data theft, and lateral movement within networks. The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, signaling an urgent threat to organizations using unpatched versions of FileZen. Exploitation of such flaws is a growing trend, with cybercriminals increasingly targeting enterprise file-sharing tools due to their broad access to sensitive data. Under Binding Operational Directive (BOD) 22-01, federal agencies are required to remediate the vulnerability by CISA’s mandated deadline to comply with security standards. While the directive applies only to Federal Civilian Executive Branch (FCEB) agencies, CISA strongly recommends that private-sector organizations adopt similar measures to mitigate risk. The vulnerability affects all unpatched versions of FileZen Core Server and has already been weaponized in real-world attacks. Threat actors are actively scanning for exposed systems, leveraging the flaw’s low complexity and high impact to gain deep system access. CISA continues to monitor intelligence and update the KEV Catalog as new threats emerge.