The U.S. CISA has added two critical vulnerabilities in Gladinet and Control Web Panel to its KEV catalog due to active exploitation. These flaws include remote code execution and system file disclosure, posing significant risks to affected organizations. #Gladinet #ControlWebPanel
Keypoints
- CISA has identified active exploitation of vulnerabilities affecting Gladinet and CWP.
- CVE-2025-11371 can lead to unintended disclosure of system files in Gladinet products.
- CVE-2025-48703 allows unauthenticated remote code execution in Control Web Panel.
- FCEB agencies must implement fixes for these vulnerabilities by November 25, 2025.
- WordPress plugin vulnerabilities also pose risks, requiring immediate updates and security checks.
Read More: https://thehackernews.com/2025/11/cisa-adds-gladinet-and-cwp-flaws-to-kev.html