CentreStack security update for CVE-2025-11371

Security Patch Release
Happening score
H score 54
1 unique source, 1 article

Summary

Gladinet released a security update for CentreStack to fix CVE-2025-11371, a zero-day local file inclusion flaw affecting business file-sharing deployments. The issue had been abused since late September and could expose Web.config on fully patched systems, letting attackers extract the ASP.NET machine key. The new build, version 16.10.10408.56683, is available now, and administrators are strongly recommended to install it. If upgrading is not possible, a temporary mitigation is to disable the temp handler in Web.config for the UploadDownloadProxy component.

Related Happenings

Ivanti security patch release for CVE-2026-8043

Security Patch Release
First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)

Security Patch Release
First: 15.05.2026 18:56 Last: 15.05.2026 18:56 Sources 1

About this happening: **Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...

cPanel security patch release for CVE-2026-29201

Security Patch Release
First: 09.05.2026 10:16 Last: 09.05.2026 10:16 Sources 1

About this happening: **cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...

cPanel security patch release for CVE-2026-41940

Security Patch Release
First: 29.04.2026 12:37 Last: 29.04.2026 12:37 Sources 1

About this happening: **cPanel** released **security updates** for **cPanel and WHM** after an **authentication bypass** flaw could let remote attackers reach control-panel access, with fixes now cover...

Latest development: 04.05.2026 22:14

CVE-2026-41940 in cPanel, WebHost Manager (WHM), and WP Squared was rapidly exploited after public disclosure, with Censys reporting attacks from multiple threat actors within 24 hours and about 15,000 potentially compromised instances in the first day. KnownHost said about 30 managed cPanel servers showed attempted exploitation, WatchTowr Labs published a PoC exploit and technical analysis, and Defused said much of the observed activity copied WatchTowr's PoC exactly.

Microsoft out-of-band security update for ASP.NET Core Data Protection (CVE-2026-40372)

Security Patch Release
First: 22.04.2026 11:08 Last: 22.04.2026 11:08 Sources 1

About this happening: **Microsoft** released **out-of-band security updates** for **CVE-2026-40372**, an **ASP.NET Core Data Protection** flaw that could let attackers forge authentication cookies and...

Timeline

  1. 16.10.2025 18:11 2 articles · 7mo ago

    Gladinet releases CentreStack security update for CVE-2025-11371

    Mitigation Patch Update

    Gladinet released a security update for CentreStack to address CVE-2025-11371, a local file inclusion flaw that had been leveraged as a zero-day since late September. The fixed build is CentreStack version 16.10.10408.56683, and administrators are strongly recommended to install it; if upgrading is not possible, the temp handler in Web.config for the UploadDownloadProxy component can be disabled as a temporary mitigation.
