【Vulnerability Alert】CISA has added 2 vulnerabilities known to be exploited by hackers to the KEV catalog (2025/11/03–2025/11/09) (CVE-2025-48703) (CVE-2025-11371)
Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2025111103111212 | Publication Time | 2025/11/11 15:30 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/11/11 15:30 |
| Impact Level | Low | | |
| [Subject] 【Vulnerability Alert】CISA has added 2 vulnerabilities known to be exploited by hackers to the KEV catalog (2025/11/03–2025/11/09) (CVE-2025-48703) (CVE-2025-11371) |
| [Content] 【Whether it has been exploited by ransomware: Unknown】CWP (also known as Control Web Panel or CentOS Web Panel) contains an operating system command injection vulnerability. This vulnerability allows unauthenticated remote code execution through the t_total parameter in the changePerm request within the file manager. 【CVE-2025-11371】Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability (CVSS v3.1: 7.5) 【Whether it has been exploited by ransomware: Unknown】The default installation and configuration of Gladinet CentreStack and TrioFox allow unauthenticated attackers to access local files, resulting in a file access vulnerability. |
| [Affected Platform] 【CVE-2025-11371】Versions of CentreStack and TrioFox up to and including 16.7.10368.56560 |
| [Recommended Actions] 【CVE-2025-11371】Update the corresponding product to the following version (or later): CentreStack and TrioFox versions later than 16.7.10368.56560. |
| [Reference] |
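
A detection sketch for the CWP issue described under [Content], added here as an example and not part of the original notice or of CWP itself: it flags logged changePerm requests whose t_total value is not a plain octal permission mode. The record layout (method, URL, form body), the `/panel/filemanager` path, the `action` parameter and the octal-mode rule are assumptions made for illustration, and the sample records are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: a legitimate t_total value is a 3- or 4-digit octal file mode.
OCTAL_MODE = re.compile(r"[0-7]{3,4}")


def check_request(method, url, body=""):
    """Return findings for one logged request; an empty list means nothing flagged."""
    if "changeperm" not in url.lower() and "changeperm" not in body.lower():
        return []  # not a changePerm request
    # Merge query-string and form-body parameters; parse_qs percent-decodes values.
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for key, vals in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(vals)
    values = params.get("t_total", [])
    findings = []
    if len(values) > 1:
        findings.append("t_total supplied more than once")
    for value in values:
        if not OCTAL_MODE.fullmatch(value):
            findings.append(f"t_total is not an octal mode: {value!r}")
    return findings


def scan(records):
    """Return (index, findings) for every record that was flagged."""
    flagged = []
    for index, record in enumerate(records):
        findings = check_request(*record)
        if findings:
            flagged.append((index, findings))
    return flagged


# Constructed sample records (method, URL, body); not taken from real traffic.
SAMPLES = [
    ("POST", "/panel/filemanager?action=changePerm", "fileName=a.txt&t_total=644"),
    ("POST", "/panel/filemanager?action=changePerm", "fileName=a.txt&t_total=644%20NOT-A-MODE"),
    ("POST", "/panel/filemanager?action=changePerm", "t_total=644&t_total=NOT-A-MODE"),
    ("POST", "/panel/filemanager?action=listDir", "t_total=NOT-A-MODE"),
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLES):
        print(index, findings)
```

Flagged records are candidates for review rather than confirmed exploitation; request bodies are only available where a reverse proxy or WAF audit log captures them.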
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw





