
CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence - The Hacker News

The Hacker News (archived Mar 16, 2026)



Ravie Lakshmanan · Nov 05, 2025 · Vulnerability / Network Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws affecting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities are:

- CVE-2025-11371 (CVSS score: 7.5) - A vulnerability in files or directories accessible to external parties in Gladinet CentreStack and Triofox that could result in unintended disclosure of system files.
- CVE-2025-48703 (CVSS score: 9.0) - An operating system command injection vulnerability in Control Web Panel (formerly CentOS Web Panel) that results in unauthenticated remote code execution via shell metacharacters in the t_total parameter of a filemanager changePerm request.

The development comes weeks after cybersecurity company Huntress said it had detected active exploitation attempts targeting CVE-2025-11371, with unknown threat actors leveraging the flaw to run reconnaissance commands (e.g., ipconfig /all) passed as a Base64-encoded payload.

There are currently no public reports on how CVE-2025-48703 is being weaponized in real-world attacks. Technical details of the flaw were, however, shared by security researcher Maxime Rinaudo in June 2025, shortly after it was patched in version 0.9.8.1205 following responsible disclosure on May 13. Note that while the KEV description calls the issue unauthenticated, the researcher's write-up describes it as pre-authenticated: the attacker does not need credentials, but does need a valid username on the target instance.

"It allows a remote attacker who knows a valid username on a CWP instance to execute pre-authenticated arbitrary commands on the server," Rinaudo said.

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by November 25, 2025, to secure their networks.
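The two exploitation patterns described above (shell metacharacters in the t_total parameter of a CWP filemanager changePerm request, and reconnaissance commands wrapped in Base64) are both visible at the web tier, so they can be hunted for in access logs. The following Python script is an added example, not code from The Hacker News, Huntress, Maxime Rinaudo or the CWP/Gladinet vendors. It runs over a few constructed log lines. The combined-log layout, the CWP file-manager URL path, the assumption that the injected parameters appear in the request line, and the list of reconnaissance commands beyond ipconfig are all assumptions; the page fixes none of them.

```python
"""Added example: detection logic for the two exploitation patterns described above.

Not code from The Hacker News, Huntress, Maxime Rinaudo or the CWP/Gladinet
vendors. Assumptions (nothing on the page fixes them): the combined access-log
layout, the CWP file-manager URL path, that the injected parameters are visible
in the request line, and the list of reconnaissance commands to look for.
"""
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# Characters that let a value break out of a shell command line.
SHELL_META = re.compile(r"[;|&`$()<>\n]")

# Reconnaissance commands worth flagging inside a decoded payload
# (ipconfig /all is the one the report names; the rest are assumed additions).
RECON_CMDS = ("ipconfig", "whoami", "systeminfo", "net user", "hostname", "nltest")

# Apache/nginx combined-log style request line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample lines. Parameters sit in the query string so that a plain
# access log exposes them; a POST body would need a WAF or request-body logging.
SAMPLE_LOG = [
    '198.51.100.7 - - [04/Nov/2025:10:01:02 +0000] "GET /user/index.php?module=filemanager&acc=list HTTP/1.1" 200 512',
    '203.0.113.10 - - [04/Nov/2025:10:02:15 +0000] "POST /user/index.php?module=filemanager&acc=changePerm&t_total=644%3Bid HTTP/1.1" 200 88',
    '203.0.113.10 - - [04/Nov/2025:10:03:40 +0000] "GET /portal/?cmd=aXBjb25maWcgL2FsbA%3D%3D HTTP/1.1" 200 1024',
    '198.51.100.7 - - [04/Nov/2025:10:04:00 +0000] "POST /user/index.php?module=filemanager&acc=changePerm&t_total=755 HTTP/1.1" 200 88',
]


def parse_line(line):
    """Split one access-log line into ip, method, path and decoded query parameters."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["params"] = parse_qsl(url.query, keep_blank_values=True)
    return rec


def maybe_base64_text(value):
    """Return the decoded text if value is strict Base64 for printable text, else None."""
    candidate = value.replace(" ", "+")  # parse_qsl turns a raw '+' into a space
    if len(candidate) < 8 or not re.fullmatch(r"[A-Za-z0-9+/]+=*", candidate):
        return None
    try:
        text = base64.b64decode(candidate, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):
        return None
    if all(c.isprintable() or c in "\r\n\t" for c in text):
        return text
    return None


def check_cwp_changeperm(rec):
    """CVE-2025-48703 pattern: changePerm file-manager request with metacharacters in t_total."""
    values = [v.lower() for _, v in rec["params"]]
    # changePerm may be part of the path or a parameter value; match either (assumption).
    if "changeperm" not in rec["path"].lower() and "changeperm" not in values:
        return None
    for key, value in rec["params"]:
        if key == "t_total" and SHELL_META.search(value):
            return f"CVE-2025-48703 pattern: t_total={value!r}"
    return None


def check_base64_recon(rec):
    """Base64-wrapped reconnaissance command in any query parameter."""
    for key, value in rec["params"]:
        text = maybe_base64_text(value)
        if text and any(cmd in text.lower() for cmd in RECON_CMDS):
            return f"Base64-wrapped recon command in {key}: {text.strip()!r}"
    return None


def scan(lines):
    """Run every check over every line; return (ip, finding) tuples in log order."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for check in (check_cwp_changeperm, check_base64_recon):
            hit = check(rec)
            if hit:
                findings.append((rec["ip"], hit))
    return findings


if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(f"{ip}: {finding}")
```

The changePerm check deliberately requires both the action name and a metacharacter in t_total, so ordinary permission changes (the fourth sample line) stay quiet. The Base64 check tries every parameter because the report does not say which one carried the payload; on a busy server, pair it with the decoded-text allowlist of your choice rather than lowering the length threshold.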
The addition of the two flaws to the KEV catalog follows reports from Wordfence about the exploitation of critical security vulnerabilities affecting three WordPress plugins and themes:

- CVE-2025-11533 (CVSS score: 9.8) - A privilege escalation vulnerability in WP Freeio that makes it possible for an unauthenticated attacker to grant themselves administrative privileges by specifying a user role during registration.
- CVE-2025-5397 (CVSS score: 9.8) - An authentication bypass vulnerability in Noo JobMonster that makes it possible for unauthenticated attackers to sidestep standard authentication and access administrative user accounts, provided social login is enabled on the site.
- CVE-2025-11833 (CVSS score: 9.8) - A missing authorization check in Post SMTP that makes it possible for an unauthenticated attacker to view email logs, including password reset emails, and change the password of any user, including an administrator, allowing site takeover.

WordPress site owners relying on the aforementioned plugins and themes are advised to update them to the latest version as soon as possible, use strong passwords, and audit their sites for signs of malware or unexpected accounts.