The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two newly identified security flaws affecting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog. This decision comes after evidence confirmed that both vulnerabilities are being actively exploited in the wild.
The first vulnerability, CVE-2025-11371 (CVSS score: 7.5), affects Gladinet CentreStack and Triofox. It involves improperly secured files or directories that can be accessed externally, potentially leading to the unintended disclosure of system files. The second flaw, CVE-2025-48703 (CVSS score: 9.0), is an operating system command injection issue in Control Web Panel (formerly CentOS Web Panel). It enables unauthenticated remote code execution by exploiting shell metacharacters in the t_total parameter of a filemanager changePerm request.
Cybersecurity firm Huntress recently reported that unknown threat actors have been actively exploiting CVE-2025-11371, using the vulnerability to execute reconnaissance commands such as ipconfig /all, often encoded in Base64. CISA has not published details of how CVE-2025-48703 is being exploited in the wild, though security researcher Maxime Rinaudo disclosed the technical details in June 2025 after reporting the issue to the vendor a month earlier. Rinaudo explained that the flaw allows a remote attacker who knows a valid username on a CWP instance to execute arbitrary commands without authentication.
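As an added example (not code from CISA, Huntress, Wordfence or either vendor), the following Python script checks for the two indicators the paragraphs above describe: a CWP filemanager changePerm request whose t_total value carries shell metacharacters, and Base64-encoded reconnaissance commands such as ipconfig /all. The access-log lines and process command lines are constructed for the example; the exact URL layout of the changePerm request, the assumption that a legitimate t_total is a 3- or 4-digit octal file mode, the UTF-16LE form used by PowerShell's -EncodedCommand, and every recon command other than ipconfig are assumptions, not facts from the advisories.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Shell metacharacters that have no business inside a file-mode value.
SHELL_META = re.compile(r"[;&|`$(){}<>\n\r]")
# Assumption: a legitimate t_total is a 3- or 4-digit octal mode such as 644 or 0755.
OCTAL_MODE = re.compile(r"[0-7]{3,4}")
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines; the URL layout is assumed, not taken from CWP.
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - - [05/Nov/2025:10:12:01 +0000] "GET /index.php?module=filemanager&acc=changePerm&t_total=644 HTTP/1.1" 200 512',
    '203.0.113.9 - - [05/Nov/2025:10:12:05 +0000] "GET /index.php?module=filemanager&acc=changePerm&t_total=644;id HTTP/1.1" 200 512',
    '198.51.100.4 - - [05/Nov/2025:10:13:11 +0000] "GET /index.php?module=filemanager&acc=changePerm&t_total=644%60whoami%60 HTTP/1.1" 200 512',
]

# Constructed sample process command lines (as an EDR or Sysmon event 1 would record them).
SAMPLE_PROCESS_CMDLINES = [
    r"C:\Windows\System32\cmd.exe /c ipconfig /all",
    "powershell.exe -NoProfile -EncodedCommand aQBwAGMAbwBuAGYAaQBnACAALwBhAGwAbAA=",
    "cmd.exe /c powershell -c \"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aXBjb25maWcgL2FsbA=='))\"",
]


def check_changeperm_request(log_line):
    """Return a finding for a changePerm request with a suspicious t_total, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    target = m.group("target")
    if "changeperm" not in target.lower():
        return None
    # parse_qs percent-decodes values, so %60whoami%60 is inspected as `whoami`.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for value in query.get("t_total", []):
        if OCTAL_MODE.fullmatch(value):
            continue
        reason = "shell metacharacter" if SHELL_META.search(value) else "non-octal value"
        return {"client": log_line.split()[0], "t_total": value, "reason": reason}
    return None


# Runs of base64 alphabet long enough to be worth decoding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# ipconfig is the command Huntress reported; the rest are assumed additions.
RECON_COMMANDS = ("ipconfig", "whoami", "systeminfo", "net user", "tasklist", "nltest")


def decode_base64_token(token):
    """Decode a base64 token as UTF-8 or UTF-16LE text; None if it is not printable text."""
    if len(token) % 4:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return None
    for encoding in ("utf-8", "utf-16-le"):
        try:
            text = raw.decode(encoding)
        except UnicodeDecodeError:
            continue
        # UTF-16LE ASCII decodes under UTF-8 as text full of NULs, which fails this test.
        if text and text.isprintable():
            return text
    return None


def find_encoded_recon(text):
    """Return (token, decoded) pairs for base64 blobs that decode to a known recon command."""
    hits = []
    for token in B64_TOKEN.findall(text):
        decoded = decode_base64_token(token)
        if decoded and any(cmd in decoded.lower() for cmd in RECON_COMMANDS):
            hits.append((token, decoded))
    return hits


if __name__ == "__main__":
    for line in SAMPLE_ACCESS_LOG:
        finding = check_changeperm_request(line)
        if finding:
            print("CWP changePerm:", finding)
    for cmdline in SAMPLE_PROCESS_CMDLINES:
        for token, decoded in find_encoded_recon(cmdline):
            print(f"encoded recon: {decoded!r} from {token}")
```

Two caveats when adapting this to real logs: a literal `&` in an attacker's t_total value splits the query string, so only the part before it is inspected (percent-encoded `%26` is still caught), and the second check only reports commands that are Base64-encoded; a plain `ipconfig /all` in a command line, as in the first sample, needs its own rule.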
Due to the active exploitation of these vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies have been directed to apply the necessary patches by November 25, 2025, to safeguard their networks.
The addition of these two flaws to the KEV catalog follows reports from Wordfence highlighting the exploitation of several critical vulnerabilities in WordPress plugins and themes. These include:
- CVE-2025-11533 (CVSS 9.8): A privilege escalation flaw in WP Freeio allowing unauthenticated attackers to assign themselves administrative privileges during registration.
- CVE-2025-5397 (CVSS 9.8): An authentication bypass issue in Noo JobMonster that lets attackers access administrative accounts when social login is enabled.
- CVE-2025-11833 (CVSS 9.8): A missing authorization check in Post SMTP, enabling attackers to view email logs, access password reset emails, and change any user’s password, including that of administrators.
Website owners using the affected WordPress plugins are strongly urged to update to the latest versions immediately, strengthen their passwords, and review their sites for possible malware infections or unauthorized user accounts.
