嗯,用户让我用中文总结一下这篇文章,控制在100字以内,而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述即可。 首先,我需要通读文章,抓住主要信息。文章讲的是美国CISA将Soliton Systems的FileZen软件中的一个漏洞加入到已知被利用的漏洞目录中。漏洞编号是CVE-2026-25108,CVSS评分8.7分。这个漏洞允许经过认证的用户通过恶意HTTP请求执行任意命令。影响版本是4.2.1到5.0.10,修复版本是5.0.11及以上。CISA要求联邦机构在3月17日前修复,并建议私营组织也检查和修复。 接下来,我需要把这些信息浓缩到100字以内。要注意包括CISA、FileZen、漏洞编号、影响版本、修复版本、攻击条件(需要有效登录)、以及CISA的截止日期。 可能的结构:CISA将FileZen漏洞加入目录,漏洞允许执行命令,影响特定版本,需修复,截止日期。 现在开始组织语言: 美国网络安全和基础设施安全局(CISA)将Soliton Systems的FileZen软件中的一个严重漏洞(CVE-2026-25108)加入已知被利用的漏洞目录。该漏洞允许经过认证的用户通过恶意HTTP请求执行任意操作系统命令。受影响版本为4.2.1至5.0.10,已通过5.0.11及以上版本修复。攻击者需具备有效登录权限才能利用此漏洞。CISA要求联邦机构在2026年3月17日前完成修复,并建议私营组织也采取相应措施。 检查字数:大约97字左右,符合要求。 </think> 美国网络安全和基础设施安全局(CISA)将Soliton Systems的FileZen软件中的一个严重漏洞(CVE-2026-25108)加入已知被利用的漏洞目录。该漏洞允许经过认证的用户通过恶意HTTP请求执行任意操作系统命令。受影响版本为4.2.1至5.0.10,已通过5.0.11及以上版本修复。攻击者需具备有效登录权限才能利用此漏洞。CISA要求联邦机构在2026年3月17日前完成修复,并建议私营组织也采取相应措施。 2026-2-25 09:23:17 Author: securityaffairs.com(查看原文) 阅读量:19 收藏
U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini
February 25, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Soliton Systems K.K FileZen flaw, tracked as CVE-2026-25108 (CVSS v4 score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog.
Soliton Systems K.K. FileZen is a secure file transfer solution that enables organizations to share and manage sensitive data safely. It provides access controls, activity logging, and antivirus scanning.
The vulnerability is an operating system (OS) command injection that could allow an authenticated user to execute arbitrary commands via specially crafted HTTP requests.
“Command Injection Vulnerability in a Specific Field on the Post-Logon Screen (CWE-78)” reads the advisory. “A remote attacker may be able to execute arbitrary OS commands within FileZen.”
The vulnerability can be exploited only if two conditions are met: the FileZen virus check feature (BitDefender-based) is enabled, and an attacker has valid login access to the FileZen website, either through leaked credentials or successfully guessed user IDs and passwords.
The flaw impacts Versions 5.0.0 to 5.0.10 and Versions 4.2.1 to 4.2.8. V5.0.11 or later address the flaw.
Soliton is aware of the active exploitation of this flaw:
“We have received at least one report of damage caused by the exploitation of this vulnerability.” reads the advisory. “For this vulnerability to occur, an attacker must log on to the web screen with general user privileges. If you have been attacked or suspected of being a victim of this vulnerability, please consider not only updating to V5.0.11 or later, but also changing all user passwords as a precaution, since an attacker could log on with at least one real account.”
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix the vulnerability by March 17, 2026.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)
“
如有侵权请联系:admin#unsafe.sh