CISA Flags Critical Vulnerabilities in Gladinet and Control Web Panel Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two significant security vulnerabilities affecting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog. CISA adds entries to the catalog only on evidence of active exploitation in the wild, so organizations running the affected products should address these issues promptly.
Detailed Overview of the Vulnerabilities:
1. CVE-2025-11371 (CVSS Score: 7.5): This vulnerability pertains to Gladinet’s CentreStack and Triofox platforms. It involves improper access controls that could lead to unintended disclosure of system files. Specifically, certain files or directories are accessible to external parties, potentially exposing sensitive information.
2. CVE-2025-48703 (CVSS Score: 9.0): Found in Control Web Panel (formerly known as CentOS Web Panel), this flaw is an operating system command injection vulnerability. It allows unauthenticated remote code execution through shell metacharacters in the `t_total` parameter during a `filemanager` `changePerm` request.
Evidence of Active Exploitation:
Cybersecurity firm Huntress has reported active exploitation attempts targeting CVE-2025-11371. Unknown threat actors have been observed leveraging this flaw to execute reconnaissance commands, such as `ipconfig /all`, delivered via Base64-encoded payloads. While specific details on the exploitation of CVE-2025-48703 remain scarce, security researcher Maxime Rinaudo disclosed technical aspects of this vulnerability in June 2025. According to Rinaudo, the flaw enables a remote attacker, who possesses a valid username on a CWP instance, to execute pre-authenticated arbitrary commands on the server.
Mandated Actions and Recommendations:
In response to these active threats, CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies implement the necessary fixes by November 25, 2025, to secure their networks. Organizations utilizing Gladinet’s CentreStack, Triofox, or Control Web Panel are strongly advised to:
– Update Systems Promptly: Apply the latest patches and updates provided by the respective vendors to mitigate these vulnerabilities.
– Review Access Controls: Ensure that access permissions are correctly configured to prevent unauthorized access to sensitive files and directories.
– Monitor for Unusual Activity: Implement continuous monitoring to detect and respond to any signs of exploitation or unauthorized access.
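One concrete way to act on the monitoring recommendation for CVE-2025-48703 is to scan web-server access logs for `filemanager` `changePerm` requests whose `t_total` parameter carries shell metacharacters, the request shape described above. The following is an added example written for this article, not code from CISA, Huntress or the CWP project; the log lines are constructed, and the URL paths are illustrative assumptions rather than CWP's real route layout.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Characters that let a parameter value break out of a shell command line.
SHELL_META = re.compile(r"[;&|`$<>\r\n]")

# Combined-log-format fields we need: client IP, request method, URL, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample access-log lines (paths are assumed, not CWP's real ones).
# Only the third line carries a metacharacter inside t_total on a changePerm request.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Nov/2025:10:01:02 +0000] "POST /user/filemanager/changePerm HTTP/1.1" 200 512 "-" "curl/8.4"
203.0.113.10 - - [05/Nov/2025:10:01:03 +0000] "GET /user/filemanager/changePerm?t_total=755&file=index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Nov/2025:10:02:11 +0000] "GET /user/filemanager/changePerm?t_total=755%3Bwhoami&file=index.php HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.7 - - [05/Nov/2025:10:02:12 +0000] "GET /user/dashboard?t_total=755%3Bwhoami HTTP/1.1" 200 512 "-" "python-requests/2.31"
"""


def is_suspicious(url: str) -> bool:
    """True when a file-manager changePerm request has shell metacharacters in t_total."""
    parts = urlsplit(url)
    target = (parts.path + "?" + parts.query).lower()
    if "filemanager" not in target or "changeperm" not in target:
        return False
    # parse_qs percent-decodes once; unquote again so double-encoded values
    # (e.g. %253B) are inspected in their final decoded form as well.
    values = parse_qs(parts.query, keep_blank_values=True).get("t_total", [])
    return any(SHELL_META.search(unquote(v)) for v in values)


def scan_log(text: str) -> list[tuple[str, str]]:
    """Return (client_ip, url) for every log line that matches the pattern."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_suspicious(m.group("url")):
            hits.append((m.group("ip"), m.group("url")))
    return hits


if __name__ == "__main__":
    for ip, url in scan_log(SAMPLE_LOG):
        print(f"suspicious changePerm request from {ip}: {url}")
```

Access logs only expose query strings, so a POST body carrying the same parameter is invisible here; cover that path with WAF or application-level request logging.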
Additional Vulnerabilities in WordPress Plugins and Themes:
In a related development, Wordfence has reported the exploitation of critical security vulnerabilities in three WordPress plugins and themes:
1. CVE-2025-11533 (CVSS Score: 9.8): A privilege escalation vulnerability in WP Freeio allows unauthenticated attackers to grant themselves administrative privileges by specifying a user role during registration.
2. CVE-2025-5397 (CVSS Score: 9.8): An authentication bypass vulnerability in Noo JobMonster enables unauthenticated attackers to sidestep standard authentication and access administrative user accounts, particularly when social login is enabled.
3. CVE-2025-11833 (CVSS Score: 9.8): A lack of authorization checks in Post SMTP permits unauthenticated attackers to view email logs, including password reset emails, and change the password of any user, including administrators, potentially leading to site takeover.
Recommendations for WordPress Users:
Users of the affected WordPress plugins and themes should:
– Update Immediately: Ensure that all plugins and themes are updated to their latest versions to patch known vulnerabilities.
– Strengthen Passwords: Use strong, unique passwords for all administrative accounts to reduce the risk of unauthorized access.
– Conduct Regular Audits: Regularly audit websites for signs of malware, unexpected accounts, or other indicators of compromise.
Conclusion:
The inclusion of these vulnerabilities in CISA’s KEV catalog serves as a critical reminder of the ever-evolving cybersecurity landscape. Organizations must remain vigilant, promptly apply security patches, and implement robust monitoring systems to protect against potential exploits. By taking proactive measures, entities can significantly reduce their risk exposure and safeguard their digital assets.