
CISA Adds Gladinet and CWP Vulnerabilities to KEV Catalog Amid Active Exploitation


These articles are AI-generated summaries. Please check the original sources for full details.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two actively exploited flaws, one in Gladinet CentreStack and Triofox and one in Control Web Panel (CWP), to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of exploitation in the wild. The additions coincide with separate reports of exploitation attempts against three WordPress plugins, underscoring the urgency of applying the available patches.

CISA’s Action and Deadlines

  • KEV Catalog Update: CISA added CVE-2025-11371 (Gladinet) and CVE-2025-48703 (CWP) to its KEV catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to patch systems by November 25, 2025.
  • Purpose: The KEV catalog lists vulnerabilities for which CISA has evidence of active exploitation. Under Binding Operational Directive 22-01, FCEB agencies must remediate each listed entry by its due date; other organizations are encouraged to use the catalog as a patch-prioritization signal.
  • Impact: Failure to patch by the deadline could expose federal systems to unauthorized access, data breaches, or ransomware attacks.
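The KEV feed is published as JSON, and the practical use of a listing like this one is to turn due dates into a triage queue. The script below is an added example, not CISA's code: SAMPLE_CATALOG is a constructed subset that mirrors the field names of CISA's published known_exploited_vulnerabilities.json feed, with only the two CVE IDs and the November 25, 2025 due date taken from the article and the other field values being illustrative placeholders. In production, load the real feed in place of SAMPLE_CATALOG.

```python
"""Triage KEV entries by remediation due date.

Added example, not CISA's code.  SAMPLE_CATALOG is a constructed subset that
mirrors the field names of CISA's JSON feed; only the two cveID values and the
dueDate come from the article, the other field values are placeholders.
"""
import json
from datetime import date

SAMPLE_CATALOG = json.loads("""
{
  "vulnerabilities": [
    {
      "cveID": "CVE-2025-11371",
      "vendorProject": "Gladinet",
      "product": "CentreStack and Triofox",
      "vulnerabilityName": "Gladinet CentreStack and Triofox file disclosure (placeholder name)",
      "dueDate": "2025-11-25",
      "knownRansomwareCampaignUse": "Unknown"
    },
    {
      "cveID": "CVE-2025-48703",
      "vendorProject": "Control Web Panel",
      "product": "CWP",
      "vulnerabilityName": "CWP filemanager command injection (placeholder name)",
      "dueDate": "2025-11-25",
      "knownRansomwareCampaignUse": "Unknown"
    }
  ]
}
""")


def parse_catalog(catalog):
    """Index the feed by CVE ID so lookups are O(1)."""
    return {entry["cveID"]: entry for entry in catalog["vulnerabilities"]}


def days_left(entry, today):
    """Days until the entry's dueDate; negative once it is overdue."""
    return (date.fromisoformat(entry["dueDate"]) - today).days


def triage(catalog, today_iso, window_days):
    """Return [(cveID, days_left, status)] for entries that are overdue or due
    within window_days, soonest first.  Entries further out are omitted."""
    today = date.fromisoformat(today_iso)
    rows = []
    for cve, entry in parse_catalog(catalog).items():
        remaining = days_left(entry, today)
        if remaining < 0:
            status = "OVERDUE"
        elif remaining <= window_days:
            status = "DUE_SOON"
        else:
            continue
        rows.append((cve, remaining, status))
    rows.sort(key=lambda r: (r[1], r[0]))
    return rows


def lookup(catalog, cve_ids):
    """Map each CVE ID (e.g. from a scanner report) to whether it is in KEV."""
    index = parse_catalog(catalog)
    return {cve: cve in index for cve in cve_ids}


if __name__ == "__main__":
    for cve, remaining, status in triage(SAMPLE_CATALOG, "2025-11-20", 7):
        print(f"{status:9} {cve} ({remaining} days)")
    print(lookup(SAMPLE_CATALOG, ["CVE-2025-48703", "CVE-2025-11533"]))
```

Running the triage on November 20, 2025 with a seven-day window flags both entries as DUE_SOON with five days remaining; running it on December 1 reports both as OVERDUE. The lookup shows the pattern for cross-checking scanner output against the catalog: the WordPress plugin flaws discussed later on this page are not KEV entries, so they come back as not listed.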

Vulnerability Details and Risks

CVE-2025-11371 (Gladinet)

  • CVSS Score: 7.5
  • Description: An unauthenticated file disclosure vulnerability in Gladinet CentreStack and Triofox that lets attackers read files from the server's filesystem through externally reachable endpoints.
  • Exploitation: Huntress observed active exploitation, with attackers running Base64-encoded commands for reconnaissance (for example, ipconfig /all) after gaining a foothold.
  • Risk: Disclosure of configuration files and other sensitive system data can expose secrets that enable follow-on attacks against the same host.

CVE-2025-48703 (CWP)

  • CVSS Score: 9.0
  • Description: An OS command injection vulnerability in CWP's file manager that lets an unauthenticated attacker execute arbitrary commands through the t_total parameter of filemanager requests; the only prerequisite is knowledge of a valid non-root username on the host.
  • Exploitation: Details of the in-the-wild activity behind the KEV listing have not been made public. The flaw was disclosed by researcher Maxime Rinaudo in June 2025 and fixed in version 0.9.8.1205.
  • Risk: Full server compromise via remote code execution (RCE), enabling data theft or system takeover.
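Both flaws leave traces in ordinary web server logs: a CWP filemanager request whose t_total value carries shell metacharacters, and, for the Gladinet activity Huntress described, request parameters that Base64-decode to reconnaissance commands. The script below is an added example, not code from the article, Huntress, or either vendor. It runs over constructed combined-format log lines, not real attack traffic; the /filemanager/ path prefix, the /proxy endpoint and the cmd parameter name are assumptions made so the example is runnable, and should be replaced with what your own logs show. Because PowerShell's -EncodedCommand payloads are UTF-16LE, the decoder tries that encoding before UTF-8.

```python
"""Heuristic log triage for the two exploitation patterns described above.

Added example, not the article's or any vendor's code.  SAMPLE_LOG is
constructed traffic; the /filemanager/ path, the /proxy endpoint and the
parameter name `cmd` are assumptions, not details from the page.
"""
import base64
import re
from urllib.parse import parse_qs, quote, urlsplit

# Apache/nginx "combined" format: ip ident user [ts] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
SHELL_META = re.compile(r"[;|&`$\n]")  # characters a POSIX shell treats specially
RECON_CMDS = ("ipconfig", "whoami", "net user", "systeminfo", "nltest")


def try_b64_decode(value):
    """Return decoded text if value is plausible Base64 of printable text, else None.
    PowerShell -EncodedCommand payloads are UTF-16LE, so that encoding is tried first."""
    if len(value) < 8 or not re.fullmatch(r"[A-Za-z0-9+/]+=*", value):
        return None
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:
        return None
    for encoding in ("utf-16le", "utf-8"):
        try:
            text = raw.decode(encoding)
        except UnicodeDecodeError:
            continue
        if text.isprintable():
            return text
    return None


def classify(line):
    """Return (source_ip, finding_kind, detail) tuples for one log line; [] if benign."""
    m = LOG_RE.match(line)
    if not m:
        return []
    src, _ts, _method, target, _status = m.groups()
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    # Vector 1: CWP filemanager request whose t_total value contains shell metacharacters.
    if "filemanager" in parts.path.lower():
        for val in params.get("t_total", []):
            if SHELL_META.search(val):
                findings.append((src, "cwp-t_total-injection", val))
    # Vector 2: any parameter that Base64-decodes to a known reconnaissance command.
    for name, vals in params.items():
        for val in vals:
            decoded = try_b64_decode(val)
            if decoded and any(cmd in decoded.lower() for cmd in RECON_CMDS):
                findings.append((src, "base64-recon", f"{name}={decoded}"))
    return findings


def scan(lines):
    """Apply classify() to every line and flatten the findings."""
    return [finding for line in lines for finding in classify(line)]


# Constructed sample traffic (not real attack logs).  The encoded payload is
# built here from "ipconfig /all" so the example stays correct as written.
_ENCODED = base64.b64encode("ipconfig /all".encode("utf-16le")).decode()
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Nov/2025:10:00:01 +0000] "GET /filemanager/?t_total=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [05/Nov/2025:10:00:02 +0000] "GET /filemanager/?t_total=12;id HTTP/1.1" 200 77',
    f'198.51.100.4 - - [05/Nov/2025:10:00:03 +0000] "GET /proxy?cmd={quote(_ENCODED, safe="")} HTTP/1.1" 200 10',
    '198.51.100.5 - - [05/Nov/2025:10:00:04 +0000] "GET /index.php?page=home HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for src, kind, detail in scan(SAMPLE_LOG):
        print(f"{src:15} {kind:24} {detail}")
```

On the sample, the benign t_total=12 request and the ordinary page view produce nothing, while the request carrying t_total=12;id and the one whose parameter decodes to ipconfig /all are each reported once. Both checks are heuristics: the metacharacter test will miss encodings the page does not describe, and the Base64 test only catches payloads that decode to one of the listed command names, so treat hits as leads for the audit step under Mitigation Measures rather than as proof of compromise.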

WordPress Plugin Vulnerabilities

Separately, security researchers have reported exploitation attempts against three WordPress plugin flaws, each rated CVSS 9.8:

  1. CVE-2025-11533 (WP Freeio)

    • Issue: Missing role validation during registration lets an unauthenticated user choose their own role, including administrator, and so escalate to full admin access.
    • Impact: Unauthorized control over WordPress sites, leading to data manipulation or defacement.
  2. CVE-2025-5397 (Noo JobMonster)

    • Issue: Authentication bypass enables attackers to access admin accounts if social login is enabled.
    • Impact: Unauthorized access to sensitive user data and administrative controls.
  3. CVE-2025-11833 (Post SMTP)

    • Issue: A missing authorization check lets unauthenticated attackers read the plugin's email logs, including password-reset emails, and use the captured reset links to change other users' passwords.
    • Impact: Potential for site takeover via password reset manipulation.

Mitigation Measures

  • Patch Management: Apply updates for Gladinet, CWP, and WordPress plugins immediately.
  • Password Security: Use strong, unique passwords and enable two-factor authentication (2FA); where a Post SMTP install was exposed, rotate the passwords of any accounts whose reset emails may have been logged.
  • Monitoring: Audit systems for unauthorized accounts, malware, or suspicious activity.
  • Deadline Compliance: FCEB agencies must meet the November 25, 2025 deadline to avoid regulatory and security risks.
