CISA Sounds the Alarm: New Vulnerabilities Added to Exploited Catalog – Patch Now or Pay Later!
CISA has added Gladinet CentreStack and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog. These flaws, including a spicy OS command injection vulnerability, could make your IT department’s hair stand on end. Federal agencies have until November 25 to patch these vulnerabilities—or face wrath akin to forgetting your anniversary.

Hot Take:
Looks like CISA is updating its digital shopping list of vulnerabilities. This time, they’ve added a couple of new ‘must-fix’ items that are hotter than a jalapeño on a summer day. Think of it as Black Friday for cybercriminals, but with no discounts and a lot more paperwork for IT departments. Stay safe out there, folks — and remember, patching is the new black!

Key Points:
- CISA adds two new vulnerabilities to its Known Exploited Vulnerabilities Catalog.
- CentreStack and Triofox’s Local File Inclusion flaw (CVE-2025-11371) can be exploited to access system files without authentication.
- CWP Control Web Panel’s OS Command Injection flaw (CVE-2025-48703) allows remote command execution.
- Federal agencies are required to patch these vulnerabilities by November 25, 2025.
- Private organizations are also advised to address these vulnerabilities.
