The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two significant security flaws affecting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog. This action signals that these vulnerabilities are not just theoretical but are actively being exploited by malicious actors in the wild, posing an immediate threat to organizations using these software solutions. The inclusion in the KEV catalog mandates federal agencies to implement necessary patches by a specific deadline to mitigate risks to their networks.
CISA Identifies Exploited Gladinet and CWP Vulnerabilities
CISA announced on November 4, 2025, that it had added two security vulnerabilities to its KEV catalog: CVE-2025-11371 affecting Gladinet and CVE-2025-48703 affecting Control Web Panel (CWP). The agency’s decision stems from evidence indicating that these vulnerabilities are actively being weaponized by threat actors. Federal Civilian Executive Branch (FCEB) agencies are now required to patch these vulnerabilities by November 25, 2025, to enhance their network security posture.
The Gladinet vulnerability, identified as CVE-2025-11371, carries a CVSS score of 7.5. It resides in files or directories accessible to external parties within Gladinet CentreStack and Triofox. This flaw could lead to the unintended disclosure of sensitive system files, potentially providing attackers with crucial information for further exploitation. Cybersecurity firm Huntress had previously detected active exploitation attempts targeting this specific vulnerability, observing threat actors using it to execute reconnaissance commands, such as `ipconfig /all`, disguised within Base64-encoded payloads.
Meanwhile, CVE-2025-48703, rated with a critical CVSS score of 9.0, is an operating system command injection vulnerability in Control Web Panel, formerly known as CentOS Web Panel. This flaw allows unauthenticated remote code execution. Attackers can exploit it by injecting malicious commands through the `t_total` parameter in a file manager’s change permission request, utilizing shell metacharacters. While public reports detailing the real-world weaponization of CVE-2025-48703 are currently limited, security researcher Maxime Rinaudo shared technical details of the flaw in June 2025. Rinaudo noted that the vulnerability allows a remote attacker with knowledge of a valid username on a CWP instance to execute arbitrary pre-authenticated commands on the server.
Broader Exploitation Trends and WordPress Plugins
The inclusion of these two critical network security flaws in the KEV catalog occurs in the wake of other significant exploitation activities. Recently, Wordfence reported on the exploitation of severe vulnerabilities affecting three popular WordPress plugins and themes. These include CVE-2025-11533, a privilege escalation flaw in WP Freeio (CVSS 9.8) that enables unauthenticated attackers to gain administrative privileges; CVE-2025-5397, an authentication bypass vulnerability in Noo JobMonster (CVSS 9.8) allowing unauthenticated access to administrative accounts if social login is enabled; and CVE-2025-11833, a lack of authorization checks in Post SMTP (CVSS 9.8) which permits unauthenticated attackers to view email logs, including password reset emails, and alter any user’s password, leading to site takeover.
Organizations and individuals managing WordPress sites utilizing these specific plugins and themes are strongly advised to update to the latest available versions without delay. Alongside patching, implementing robust password policies and conducting regular audits for signs of malicious activity or unauthorized accounts are crucial steps in maintaining website integrity. The continuous emergence of exploited vulnerabilities underscores the persistent threat landscape and the importance of proactive security measures across all software deployments.
The current focus on these vulnerabilities, particularly those impacting Gladinet and CWP, highlights the ongoing challenge for organizations to stay ahead of emerging threats. The KEV catalog serves as a critical alert system, but successful defense relies on rapid patching and continuous monitoring. The approaching deadline for federal agencies to address CVE-2025-11371 and CVE-2025-48703 will be a key indicator of response effectiveness. Meanwhile, the broader trend of active exploitation of web application vulnerabilities, as seen with the WordPress examples, suggests a continued need for vigilance and comprehensive security strategies across the digital ecosystem.