Essential Insights
- CISA Alerts on New Vulnerabilities: Two high-risk vulnerabilities in Gladinet and Control Web Panel (CWP) have been added to CISA’s Known Exploited Vulnerabilities catalog due to evidence of active exploitation.
- Severe Risk Scores: CVE-2025-11371 (Gladinet) has a CVSS score of 7.5 for potential file disclosure; CVE-2025-48703 (CWP) scores 9.0, allowing remote code execution via command injection.
- Active Exploitation Detected: Huntress reported that unknown actors exploited CVE-2025-11371 to execute reconnaissance commands, indicating urgent remediation is necessary.
- Deadline for Federal Agencies: Federal Civilian Executive Branch agencies must apply necessary fixes by November 25, 2025, to mitigate these vulnerabilities and secure their networks.
CISA Expands KEV Catalog with New Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two significant vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These flaws affect Gladinet and Control Web Panel (CWP) software. CISA made this announcement on Tuesday, highlighting evidence of active exploitation. This step aims to elevate awareness and prompt swift mitigation actions among users.
The first vulnerability, CVE-2025-11371, has a CVSS score of 7.5 and allows unauthorized access to system files in Gladinet CentreStack and Triofox. The second, CVE-2025-48703, is more severe, with a CVSS score of 9.0. This command injection vulnerability in CWP permits unauthenticated remote code execution. Recent reports from Huntress indicate that attackers are already exploiting the Gladinet flaw to execute reconnaissance commands.
Implications for Federal Agencies and the Broader Community
Federal Civilian Executive Branch (FCEB) agencies must apply necessary patches by November 25, 2025, to protect their networks. Although CVE-2025-48703 has not been linked to active attacks, the potential for misuse remains concerning. Security researcher Maxime Rinaudo shared critical details about this vulnerability soon after it was patched, indicating the risk involved.
In addition to the recent CISA updates, Wordfence reported vulnerabilities in three popular WordPress plugins. These critical flaws also feature high CVSS scores and pose risks to website owners. Users are advised to update their software and practice strong security measures. As the digital landscape evolves, staying informed and proactive in security practices remains essential for all stakeholders.
