CISA’s Latest Headache: Gladinet and Microsoft Vulnerabilities Join the Exploited Hall of Shame
CISA adds Gladinet CentreStack and ZTA Microsoft Windows CLFS driver flaws to its Known Exploited Vulnerabilities catalog. With vulnerabilities that could allow remote code execution and privilege escalation, it’s a reminder to update your systems. Otherwise, hackers might just RSVP to your server’s next party uninvited.
Hot Take:
When you hear “CentreStack” and “CLFS” in the same sentence, you know it’s not the latest buddy cop flick — it’s the latest episode of “CISA’s Most Wanted: Vulnerabilities Edition.” While we were all busy trying to remember our Netflix passwords, hackers were cracking hardcoded keys and elevating privileges like they were collecting frequent flyer miles. CISA, as always, swoops in to remind us that patching isn’t just a chore; it’s a life choice.
Key Points:
- Gladinet CentreStack and ZTA Microsoft Windows CLFS Driver vulnerabilities are now on the CISA’s Known Exploited Vulnerabilities (KEV) catalog.
- CVE-2025-30406 is a deserialization flaw with a CVSS score of 9.0, while CVE-2025-29824 is a “Use after free” issue with a CVSS score of 7.8.
- The CentreStack vulnerability can lead to remote code execution (RCE), and the CLFS flaw allows privilege escalation.
- CISA mandates federal agencies to patch these vulnerabilities by April 29, 2025.
- Experts advise private organizations to review and address these vulnerabilities promptly.