PT-2026-7963 · Filezen · Filezen

Published 2026-02-13 · Updated 2026-05-08 · CVE-2026-25108

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions**

- FileZen versions 4.2.1 through 4.2.8
- FileZen versions 5.0.0 through 5.0.10

**Description**

FileZen contains an OS command injection vulnerability. When the FileZen Antivirus Check Option is enabled, an authenticated user with valid credentials can send a specially crafted HTTP request to execute arbitrary OS commands on the system. This vulnerability, identified as CVE-2026-25108, has a CVSS v4 score of 8.7 and is being actively exploited. At least one incident of exploitation has been confirmed.

**Recommendations**

- FileZen versions 4.2.1 through 4.2.8: Update to version 5.0.11 or later.
- FileZen versions 5.0.0 through 5.0.10: Update to version 5.0.11 or later.

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-25108

Affected Products

Filezen