CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

FOE The Hacker News February 25, 2026

Summary

CISA added CVE-2026-25108, a command injection vulnerability in FileZen, to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation. An authenticated user can exploit this to execute operating system commands.

IFF Assessment

FOE

The active exploitation of a command injection vulnerability is bad news for defenders.

Severity

8.8 High

Defender Context

Defenders using FileZen should patch immediately and monitor for signs of compromise. Command injection vulnerabilities are frequently targeted by attackers, so vigilant logging and intrusion detection systems are essential.

Read Full Story →