CISA Adds Gladinet CentreStack and CWP Control Web Panel Vulnerabilities to Known Exploited Vulnerabilities (KEV) Catalog


451/68 Friday, November 7, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities affecting Gladinet CentreStack / Triofox and CWP Control Web Panel to its Known Exploited Vulnerabilities (KEV) catalog. CentreStack and Triofox are enterprise file-sharing and hybrid cloud storage solutions that provide secure access to file servers and SMB/NFS resources and support remote work without moving data out of the corporate network. The CWP Control Web Panel vulnerability affects servers running impacted versions of CentOS.

The vulnerabilities added to KEV are:

  • CVE-2025-11371 (CVSS 7.5) – A Local File Inclusion (LFI) flaw in Gladinet CentreStack and Triofox that can allow an internal user to access system files without authentication. This issue has been treated as a zero-day and has been observed in active exploitation; security firm Huntress reported at least three customer incidents. Huntress has recommended a temporary mitigation of disabling the temp handler in UploadDownloadProxy/Web.config.
  • CVE-2025-48703 (CVSS 9.0) – An OS command injection flaw in CWP Control Web Panel that can allow unauthenticated attackers to execute commands on the server if a valid system username is known. This issue was disclosed by researcher Maxime Rinaudo and has been patched in version 0.9.8.1205.

CISA has directed U.S. federal agencies to remediate both vulnerabilities by November 25, 2025, and recommends that private sector organizations urgently review and update their systems, as these vulnerabilities are actively exploited and could permit unauthorized access to data or remote command execution on affected servers.

Source: https://securityaffairs.com/184226/security/u-s-cisa-adds-gladinet-centrestack-and-cwp-control-web-panel-flaws-to-its-known-exploited-vulnerabilities-catalog.html