Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has updated its KEV Catalog with two newly identified critical vulnerabilities: CVE-2025-30406 in Gladinet CentreStack and CVE-2025-29824 in Microsoft Windows. Both vulnerabilities are actively exploited and pose significant security risks, necessitating immediate patch application and system updates. Organizations using the affected systems must take urgent measures to mitigate potential exploits and protect their infrastructure.
Affected: Gladinet CentreStack and Microsoft Windows systems
Keypoints :
- CVE-2025-30406 involves a cryptographic key vulnerability in Gladinet CentreStack, allowing remote code execution due to improper handling of hardcoded keys.
- CVE-2025-29824 affects Microsoft Windows CLFS driver with a Use-After-Free vulnerability, enabling local privilege escalation for attackers.
- Both vulnerabilities have received critical ratings from CISA, indicating a need for prompt updates and security measures from affected organizations.
Source: https://thecyberexpress.com/cve-2025-30406-and-cve-2025-29824/