The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new security flaws affecting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog. The agency warned that attackers are actively exploiting these vulnerabilities in real-world attacks.
Details of the Vulnerabilities
CVE-2025-11371 (CVSS 7.5):
A flaw in Gladinet CentreStack and Triofox allows outside users to access files or folders that should be private. This can lead to the unintended leak of system files and sensitive data.
CVE-2025-48703 (CVSS 9.0):
A command injection vulnerability in Control Web Panel (formerly CentOS Web Panel) lets attackers run commands remotely without logging in. The flaw is found in the t_total parameter of the file manager’s changePerm request and can result in full remote code execution.
Evidence of Active Exploitation
Cybersecurity firm Huntress recently observed attack attempts that target CVE-2025-11371. Attackers used Base64-encoded payloads to send system commands like ipconfig /all to gather information from compromised systems.
Meanwhile, there are no confirmed public reports of active attacks using CVE-2025-48703. However, the flaw was disclosed responsibly by researcher Maxime Rinaudo in May 2025 and patched a month later in version 0.9.8.1205.
According to Rinaudo, “It allows a remote attacker who knows a valid username on a CWP instance to run commands on the server without authentication.”
CISA’s Warning and Deadline
Due to the confirmed exploitation, CISA has directed Federal Civilian Executive Branch (FCEB) agencies to apply the required patches no later than November 25, 2025.
Organizations using Gladinet CentreStack, Triofox, or Control Web Panel should update immediately, review their systems for suspicious activity, and monitor logs for signs of intrusion.
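As an added example (not part of the original article or of the vendors' code), the following Python checker turns the log-monitoring advice above into something concrete for CVE-2025-48703: it scans constructed web-server access-log lines for changePerm requests whose t_total parameter is not a plain octal permission mode. The endpoint path and the log lines are constructed placeholders; the article does not give the real request path, and t_total sent in a POST body will only be visible if request bodies are logged.

```python
import re
from urllib.parse import urlsplit, parse_qs

# A legitimate chmod value for t_total is three or four octal digits; anything
# else in that parameter of a changePerm request deserves a look.
MODE_OK = re.compile(r"^[0-7]{3,4}$")
SHELL_META = re.compile(r"[;&|`$<>(){}\n]")

# Constructed sample lines in Combined Log Format. "/PLACEHOLDER/" stands in
# for the real CWP file-manager path, which the article does not state.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Nov/2025:10:01:02 +0000] "GET /PLACEHOLDER/changePerm?user=admin&t_total=755 HTTP/1.1" 200 512',
    '203.0.113.11 - - [10/Nov/2025:10:01:07 +0000] "GET /PLACEHOLDER/changePerm?user=admin&t_total=755%3B%20echo%20probe HTTP/1.1" 200 512',
    '203.0.113.12 - - [10/Nov/2025:10:01:09 +0000] "GET /PLACEHOLDER/list?user=admin HTTP/1.1" 200 2048',
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse_access_line(line):
    """Split one access-log line into its fields, or return None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, status = m.groups()
    return {"ip": ip, "ts": ts, "method": method, "target": target, "status": int(status)}


def suspicious_changeperm(line):
    """Return a finding for a changePerm request whose t_total is not an octal mode."""
    rec = parse_access_line(line)
    if rec is None or "changePerm" not in rec["target"]:
        return None
    query = parse_qs(urlsplit(rec["target"]).query)  # parse_qs URL-decodes values
    for value in query.get("t_total", []):
        if not MODE_OK.fullmatch(value):
            return {"ip": rec["ip"], "ts": rec["ts"], "t_total": value,
                    "shell_meta": bool(SHELL_META.search(value))}
    return None


def scan(lines):
    """Run the check over every line and collect the findings."""
    return [f for f in (suspicious_changeperm(l) for l in lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with shell_meta set to True are the ones to triage first; a non-octal t_total without metacharacters is still worth a look since encoding tricks can hide them.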
Other Exploited WordPress Vulnerabilities
In related news, Wordfence recently warned of critical vulnerabilities being exploited in several WordPress plugins and themes.
- CVE-2025-11533 (CVSS 9.8) – A privilege escalation flaw in WP Freeio lets attackers gain admin rights during registration.
- CVE-2025-5397 (CVSS 9.8) – An authentication bypass in Noo JobMonster allows unauthenticated access to admin accounts when social login is enabled.
- CVE-2025-11833 (CVSS 9.8) – A flaw in Post SMTP lets attackers view email logs and reset admin passwords, potentially leading to full site takeover.
Website owners should update these plugins immediately, use strong passwords, and check their sites for unauthorized users or malware.