The US cyber agency says hackers are exploiting vulnerabilities in Gladinet CentreStack and Triofox products and CentOS Web Panel.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog.
CVE-2025-11371 is an unauthenticated local file inclusion flaw in Gladinet CentreStack and Triofox that was first disclosed on 9 October, with cyber security firm Huntress confirming active exploitation on 15 October.
Huntress had been tracking a prior Gladinet vulnerability, CVE-2025-30406, since April 2025, when it noted a new alert regarding exploitation of Gladinet CentreStack software impacting a patched version.
“After subsequent analysis, Huntress discovered exploitation of an unauthenticated local file inclusion vulnerability (CVE-2025-11371) that allowed a threat actor to retrieve the machine key from the application Web.config file to perform remote code execution via the aforementioned ViewState deserialization vulnerability,” Huntress said in a 15 October blog post.
“During our investigation, we saw evidence that Gladinet had engaged with a mutual customer to implement a mitigation. Huntress reached out to Gladinet shortly after this discovery to disclose the flaw, per our standard vulnerability disclosure policy; Gladinet confirmed that it was aware of the vulnerability and was in the process of notifying customers of an immediate workaround.”
CVE-2025-11371 impacts all versions of Gladinet CentreStack and Triofox prior to and including 16.7.10368.56560.
You can find Huntress’ mitigation advice here.
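The Huntress description above outlines a two-step chain: an unauthenticated local file inclusion reads Web.config, the machine key inside it is then used to forge ViewState and gain code execution. Two defensive checks follow from that. The added Python example below is not code from the article, Huntress or Gladinet; it scans constructed IIS W3C log lines for traversal requests aimed at Web.config (the `download.aspx` endpoint and `path` parameter are assumptions for illustration, not CentreStack's real routes) and inspects a constructed Web.config fragment for an explicit, static `<machineKey>`, which is the element that must be rotated if the file was ever retrieved.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# Constructed sample IIS W3C log lines, not from the article or any real incident.
# "download.aspx" and the "path" parameter are assumed names, not CentreStack's own.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2025-10-15 10:01:02 203.0.113.7 GET /portal/login.aspx - 200
2025-10-15 10:01:09 203.0.113.7 GET /portal/download.aspx path=..%2F..%2FWeb.config 200
2025-10-15 10:02:11 198.51.100.3 GET /portal/download.aspx path=reports%2Fq3.pdf 200
2025-10-15 10:02:40 203.0.113.7 GET /portal/download.aspx path=%252e%252e%255cWeb.config 200
2025-10-15 10:03:44 198.51.100.3 POST /portal/default.aspx - 500
"""

TRAVERSAL = re.compile(r"\.\.[\\/]")
SENSITIVE = re.compile(r"web\.config", re.IGNORECASE)


def normalize(value: str) -> str:
    """URL-decode until stable (double encoding is common) and unify slashes."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return value.replace("\\", "/")


def flag_lfi_requests(log_text: str) -> list[dict]:
    """Return records whose decoded path or query traverses toward Web.config."""
    fields = None
    hits = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names follow the directive
            continue
        if line.startswith("#") or not line.strip() or fields is None:
            continue
        rec = dict(zip(fields, line.split()))
        target = normalize(rec["cs-uri-stem"] + "?" + rec["cs-uri-query"])
        if TRAVERSAL.search(target) and SENSITIVE.search(target):
            hits.append({
                "time": f'{rec["date"]} {rec["time"]}',
                "client": rec["c-ip"],
                "status": rec["sc-status"],
                "decoded": target,
            })
    return hits


# Constructed Web.config fragment with explicit (static) keys; values are dummies.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>
"""

AUTO_VALUES = (None, "AutoGenerate", "AutoGenerate,IsolateApps")


def static_machine_key_present(web_config_xml: str) -> bool:
    """True if Web.config pins explicit validation and decryption keys.

    A leaked static key lets an attacker sign arbitrary ViewState, so if the
    file was ever read through an LFI, these values must be regenerated.
    """
    root = ET.fromstring(web_config_xml)
    for node in root.iter("machineKey"):
        if all(node.get(attr) not in AUTO_VALUES
               for attr in ("validationKey", "decryptionKey")):
            return True
    return False


if __name__ == "__main__":
    for hit in flag_lfi_requests(SAMPLE_IIS_LOG):
        print("suspicious:", hit)
    print("static machineKey present:", static_machine_key_present(SAMPLE_WEB_CONFIG))
```

Run against real IIS logs, feed the file contents to `flag_lfi_requests`; a hit with a 200 status against a server that was unpatched at that time should be treated as a probable key disclosure, and `static_machine_key_present` tells you whether there is a key to rotate.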
CVE-2025-48703 is a remote code execution vulnerability in CentOS Web Panel, a free web hosting control panel used to manage servers based on CentOS and other RPM-based distributions. French penetration testing firm Fenrisk first disclosed it in a June blog post. It has a CVSS score of 9.0, making it a critical severity vulnerability.
The vulnerability has been patched in the latest version of the software, 0.9.8.1205, as of June.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.