CISA Flags Gladinet and CWP Vulnerabilities Amid Active Exploitation

By Staff Writer | November 5, 2025

Essential Insights

  1. CISA Alerts on New Vulnerabilities: Two high-risk vulnerabilities in Gladinet and Control Web Panel (CWP) have been added to CISA’s Known Exploited Vulnerabilities catalog due to evidence of active exploitation.

  2. Severe Risk Scores: CVE-2025-11371 (Gladinet) has a CVSS score of 7.5 for potential file disclosure; CVE-2025-48703 (CWP) scores 9.0, allowing remote code execution via command injection.

  3. Active Exploitation Detected: Huntress reported that unknown actors exploited CVE-2025-11371 to execute reconnaissance commands, indicating urgent remediation is necessary.

  4. Deadline for Federal Agencies: Federal Civilian Executive Branch agencies must apply necessary fixes by November 25, 2025, to mitigate these vulnerabilities and secure their networks.

CISA Expands KEV Catalog with New Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two significant vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These flaws affect Gladinet and Control Web Panel (CWP) software. CISA made this announcement on Tuesday, highlighting evidence of active exploitation. This step aims to elevate awareness and prompt swift mitigation actions among users.

The first flaw, CVE-2025-11371, has a CVSS score of 7.5 and enables unauthorized access to system files through Gladinet CentreStack and Triofox. The second, CVE-2025-48703, carries a higher severity with a CVSS score of 9.0: it is a command injection vulnerability in CWP that permits unauthenticated remote code execution. Recent reports from Huntress indicate that attackers are already exploiting the Gladinet flaw to execute reconnaissance commands.

Implications for Federal Agencies and the Broader Community

Federal Civilian Executive Branch (FCEB) agencies must apply necessary patches by November 25, 2025, to protect their networks. Although CVE-2025-48703 has not been linked to active attacks, the potential for misuse remains concerning. Security researcher Maxime Rinaudo shared critical details about this vulnerability soon after it was patched, indicating the risk involved.

In addition to the recent CISA updates, Wordfence reported vulnerabilities in three popular WordPress plugins. These critical flaws also feature high CVSS scores and pose risks to website owners. Users are advised to update their software and practice strong security measures. As the digital landscape evolves, staying informed and proactive in security practices remains essential for all stakeholders.

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.