CentOS Web Panel remote command execution flaw (CVE-2025-48703)

CISA KEV listing for Wing FTP CVE-2025-47813

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

CISA adds WatchGuard Fireware CVE-2025-9242 to KEV catalog

About this happening: CISA **added** **CVE-2025-9242** in **WatchGuard Fireware** to the **KEV catalog**, signaling **active exploitation** and forcing remediation prioritization. The flaw is an **out-...

Gladinet Triofox actively exploited improper access control flaw (CVE-2025-12480)

About this happening: **Gladinet Triofox** is affected by **CVE-2025-12480**, a **critical improper access control flaw** that let attackers reach restricted setup pages and turn the issue into **code...

CISA KEV remediation deadline for CWP exploit

How related: The agency has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and is giving federal entities subject to the BOD 22-01 guidance until November 25 to apply available security updates and vendor-provided mitigations, or stop using the product.

About this happening: CISA added **CVE-2025-48703** to the **KEV catalog** and set **November 25** as the remediation deadline for federal entities using **CentOS Web Panel (CWP)**. Agencies covered by...