**CISA Adds Gladinet and CWP Flaws to KEV List: What Security Leaders Need to Know**

**Introduction**

What happens when vulnerabilities linger in popular yet under-the-radar software products? They become prime targets for exploitation—and recent actions by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirm this growing concern. On November 5, 2025, CISA added critical vulnerabilities in Gladinet’s CentreStack cloud file server and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog. You can read the full report here: https://thehackernews.com/2025/11/cisa-adds-gladinet-and-cwp-flaws-to-kev.html.

This move underscores an inconvenient truth for CISOs and security leaders: even niche platforms in your stack can become high-priority attack vectors. Both Gladinet and CWP vulnerabilities are being actively exploited, and the organizations using them—directly or indirectly—are now at increased risk.

This post breaks down what these flaws mean for your business, how threat actors are exploiting them, and, most importantly, what actionable steps you can take to secure your environment. Whether you’re a CEO looking to prioritize security investments or a cybersecurity specialist updating your watch list, this is one piece of intelligence you can’t afford to skip.

Let’s cover:

– What makes the Gladinet and CWP flaws significant
– Real-world implications for enterprise environments
– Immediate steps to mitigate risk and tighten your defenses

**Critical Vulnerabilities Now Under Active Exploitation**

Both vulnerabilities added to the KEV list are critically rated, with one (the Gladinet CentreStack flaw) assigned a CVSS score of 9.8. That places it firmly in the “critical” band.

The security issues include:

– **CentreStack (Gladinet) Arbitrary File Upload Vulnerability**: CVE-2024-23897
This flaw allows unauthenticated attackers to upload arbitrary files to a server, essentially giving them a foothold to execute malicious code remotely. It bypasses typical authentication protocols, putting unpatched systems at severe risk.

– **Control Web Panel (CWP) Command Injection Vulnerability**: CVE-2022-44877
This older but still actively exploited vulnerability enables remote command injection through poorly sanitized inputs. Once inside, attackers can escalate privileges or launch lateral attacks within your network.

Why are these two getting attention now? Because attackers are exploiting them in real-world intrusions. As CISA confirms in its directive, federal civilian executive branch (FCEB) agencies must secure affected systems immediately, and private-sector organizations are encouraged to treat this update with equal seriousness.

Both vulnerabilities are especially dangerous because of their potential for initial access. In today’s ransomware-ridden and data-breach-heavy threat landscape, a single point of entry can snowball catastrophically.

**Why These Niche Products Pose a Real Threat**

It’s easy to assume that attackers prefer targeting widely used platforms like Microsoft Exchange or Apache. But there’s growing evidence that shows cybercriminals are casting a much wider net—including niche and third-party tools that don’t always get the same level of scrutiny.

Let’s consider why this matters:

– **Widespread Use in SMBs and Hosting Providers**:
Gladinet’s CentreStack is popular among smaller businesses looking to host secure file-sharing environments. CWP meets the needs of web hosting services and dev teams by simplifying server management. While they may not be household names, they often exist in the background of outsourced IT operations.

– **Low Patch Compliance**:
A 2023 report by Mandiant found that nearly 60% of companies take more than 90 days to apply critical patches for third-party software. These vulnerabilities fly under the radar, and by the time they’re addressed, attackers may already be in.

– **Trusted Position Within Networks**:
Both CentreStack and CWP typically require significant access privileges to function. That makes any vulnerability in them particularly dangerous—you’re not just protecting another app; you’re shielding a potential control hub.

For CISOs and IT leadership, that means expanding asset inventories and vulnerability assessments to include these often-overlooked applications. Skipping them isn’t just a gap—it’s an open door.

**Steps You Can Take Now**

So, what’s the immediate playbook for addressing this situation? Here’s a step-by-step approach you can share with your teams or vendors:

**1. Identify Your Exposure**

– Start by auditing your environment for any installations of Gladinet CentreStack or Control Web Panel. Don’t forget to check shadow IT and contractor environments.
– Use scanning tools like Nessus or Qualys to surface vulnerable versions of these platforms.

**2. Patch or Isolate**

– For CentreStack, update to the latest version as specified by the vendor.
– For CWP, ensure that the patch for CVE-2022-44877 is applied. If patching isn’t immediately feasible, isolate the application and restrict network access.
– Disable internet-facing access where possible, especially for systems not in active use.

**3. Monitor and Harden**

– Monitor logs and network traffic for unusual activity—unexplained file uploads or shell activity can signal compromise.
– Use endpoint detection and response (EDR) tools to track lateral movement if a system is breached.
– Harden these systems with best practices: enforce least privilege, use MFA for admin accounts, and segment critical systems from one another.

**4. Add to Your Monthly Threat Review**

– Include KEV-listed vulnerabilities in your monthly risk briefings and patch management conversations.
– Prioritize patching based on not just CVSS scores but also CISA threat intelligence and active exploitation markers.
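One way to fold the KEV catalog into the triage described in steps 1 through 4, as an added example (not code from this post or from CISA): it indexes the KEV JSON feed by CVE and ranks scanner findings so an actively exploited entry outranks a merely higher CVSS score. The feed excerpt, host names and scanner findings are constructed; the feed URL is CISA's real one but is not fetched, so the script runs offline.

```python
import json
from datetime import date

# Real CISA feed location; not fetched here so the example runs offline.
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed excerpt in the KEV feed's JSON shape. The CVE IDs are the two the
# post names; dates and other field values are illustrative, not CISA's.
SAMPLE_KEV_FEED = json.dumps({"catalogVersion": "sample", "vulnerabilities": [
    {"cveID": "CVE-2024-23897", "vendorProject": "Gladinet", "product": "CentreStack",
     "dateAdded": "2025-11-05", "dueDate": "2025-11-26"},
    {"cveID": "CVE-2022-44877", "vendorProject": "CWP", "product": "Control Web Panel",
     "dateAdded": "2023-01-17", "dueDate": "2023-02-07"},
]})

# Constructed scanner export (hosts and the CVE-0000-* IDs are placeholders).
SAMPLE_FINDINGS = [
    {"host": "files01.example.internal", "cve": "CVE-2024-23897", "cvss": 9.8},
    {"host": "web07.example.internal", "cve": "CVE-2022-44877", "cvss": 9.8},
    {"host": "db02.example.internal", "cve": "CVE-0000-0001", "cvss": 9.9},
    {"host": "app03.example.internal", "cve": "CVE-0000-0002", "cvss": 7.5},
]

TIER_ORDER = {"P1-KEV-overdue": 0, "P1-KEV": 1, "P2-critical-cvss": 2, "P3-scheduled": 3}


def parse_kev(feed_json):
    """Index the KEV feed by CVE ID so each scanner finding is a single lookup."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def prioritize(findings, kev, today_iso):
    """Rank findings: KEV-listed first (overdue before pending, earliest due date
    first), then the rest by CVSS descending. CVSS alone never outranks KEV."""
    today = date.fromisoformat(today_iso)
    ranked = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry is None:
            tier = "P2-critical-cvss" if f["cvss"] >= 9.0 else "P3-scheduled"
            due = None
        else:
            due = entry["dueDate"]  # ISO date, so string order equals date order
            tier = "P1-KEV-overdue" if date.fromisoformat(due) < today else "P1-KEV"
        ranked.append({**f, "tier": tier, "kev_due": due})
    return sorted(ranked, key=lambda r: (TIER_ORDER[r["tier"]], r["kev_due"] or "", -r["cvss"]))


if __name__ == "__main__":
    for row in prioritize(SAMPLE_FINDINGS, parse_kev(SAMPLE_KEV_FEED), "2025-11-10"):
        print(f'{row["tier"]:<17} {row["host"]:<28} {row["cve"]} cvss={row["cvss"]} due={row["kev_due"]}')
```

Swap the constructed feed for the JSON at `KEV_FEED_URL` and the sample findings for your scanner's export, and the ranked output is the list a monthly risk briefing should open with.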

According to the Ponemon Institute, 52% of data breaches in 2024 involved vulnerabilities that had been known for more than a year. The common denominator wasn’t malware—it was delay.

**Conclusion**

As CISA continues to update its KEV list, the line between obscure software and high-risk systems is blurring. The recent inclusion of Gladinet and CWP vulnerabilities serves as a reminder that in today’s threat landscape, no tool is too minor to be exploited.

If you’re a CEO or CISO, this is a moment to ask tough questions: Are we tracking all our software assets? Are we patching beyond the “big name” platforms? And are our incident response procedures agile enough to keep up with real-time threat data?

Your next breach may not come from the software you think of daily—but from the one you forgot you even installed.

Now’s the time to integrate CISA’s KEV catalog into your vulnerability management program. You can monitor future updates directly at the source: https://www.cisa.gov/known-exploited-vulnerabilities-catalog.

**Act today**:

– Reassess your inventory for Gladinet and CWP instances.
– Patch or segment high-risk systems immediately.
– Make CISA’s KEV list part of your ongoing threat intelligence feeds.

Every overlooked vulnerability is someone else’s attack vector. Let’s make sure it’s not yours.
