CISA Adds Apple WebKit and Gladinet CentreStack Vulnerabilities to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-43529, a use-after-free vulnerability in Apple’s WebKit engine affecting multiple Apple products, and CVE-2025-14611, a hard-coded cryptographic vulnerability in Gladinet CentreStack and Triofox. These vulnerabilities have been identified as significant risks due to evidence of active exploitation, prompting CISA to require Federal Civilian Executive Branch agencies to remediate them by specified deadlines under Binding Operational Directive 22-01. CISA also strongly encourages all organizations, not just federal agencies, to prioritize remediation of these vulnerabilities to reduce exposure to cyberattacks.
Recent reports indicate that the Apple WebKit vulnerability (CVE-2025-43529) has been exploited in highly targeted attacks, likely involving nation-state actors and commercial spyware vendors, with a focus on high-value individuals. Apple and Google both released urgent security updates in response to these attacks, though details remain limited. The WebKit flaw allows attackers to trigger memory corruption through specially crafted web content, potentially leading to arbitrary code execution. The Gladinet CentreStack and Triofox vulnerability involves hard-coded cryptographic keys, which could be leveraged by attackers to compromise affected systems. Organizations are urged to apply available patches and follow CISA’s guidance to mitigate these threats.
Timeline
Dec 15, 2025
Federal agencies ordered to remediate the two KEV flaws by Jan. 5
Under Binding Operational Directive 22-01, CISA required Federal Civilian Executive Branch agencies to remediate the newly added Apple and Gladinet vulnerabilities by 2026-01-05. CISA also strongly encouraged non-federal organizations to patch or mitigate the issues promptly.
Dec 15, 2025
CISA adds Apple WebKit and Gladinet flaws to KEV Catalog
CISA added CVE-2025-43529 in Apple WebKit and CVE-2025-14611 in Gladinet CentreStack and Triofox to its Known Exploited Vulnerabilities Catalog after evidence of active exploitation. The agency said the flaws pose significant risk and urged organizations to prioritize remediation.
Dec 15, 2025
Apple and Google release updates for exploited Apple WebKit flaw
Apple and Google released urgent security updates for CVE-2025-43529, a use-after-free vulnerability in Apple WebKit, after highly targeted attacks that were likely linked to nation-state actors or commercial spyware vendors. The flaw could allow arbitrary code execution on affected Apple products.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Sources
Related Stories
CISA Flags Actively Exploited Vulnerabilities in SolarWinds Web Help Desk and Major Platforms
**CISA added multiple vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog**, triggering mandatory remediation timelines for U.S. federal civilian agencies. The newly listed issues include an actively exploited flaw in **SolarWinds Web Help Desk** (`CVE-2025-40536`) with an accelerated patch deadline, alongside additional KEV additions affecting **Apple** platforms (iOS, macOS, tvOS, watchOS, visionOS), **Microsoft** products, and **Notepad++**. Apple stated it was aware of reports the issue “may have been exploited in an extremely sophisticated attack against specific targeted individuals,” with **Google Threat Analysis Group** credited with discovery, underscoring continued targeting of high-value users via mobile/endpoint zero-days. Separate reporting highlighted the broader operational context driving these directives: **Microsoft’s February security update** addressed **59 vulnerabilities**, including **six zero-days under active exploitation**, reinforcing that exploit timelines are compressing and patching is increasingly a “defense sprint.” In parallel, CISA also moved to reduce systemic exposure at the perimeter by ordering agencies to **remove unsupported network edge devices** (e.g., firewalls/routers) within a year, reflecting concern that end-of-support infrastructure and rapidly weaponized vulnerabilities are converging into a persistent, high-impact federal risk.
1 months ago
CISA Adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox Vulnerabilities to KEV Catalog
CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog to include three newly identified vulnerabilities: an out-of-bounds write in WatchGuard Firebox OS (`CVE-2025-9242`), a race condition in the Microsoft Windows kernel (`CVE-2025-62215`), and improper access control in Gladinet Triofox (`CVE-2025-12480`). These vulnerabilities have been added due to evidence of active exploitation, with risks ranging from remote code execution on network appliances to privilege escalation on Windows systems and unauthorized access to sensitive setup functions in Triofox. CISA emphasizes the critical nature of these flaws and urges immediate patching and mitigation to prevent exploitation. Federal Civilian Executive Branch (FCEB) agencies are mandated under Binding Operational Directive (BOD) 22-01 to remediate these vulnerabilities by the specified deadlines, but CISA also strongly recommends that all organizations prioritize addressing these issues as part of their vulnerability management programs. The addition of these CVEs to the KEV Catalog highlights their significance as attack vectors and the ongoing threat they pose to both government and private sector networks. Organizations should verify their exposure and apply all relevant security updates without delay.
1 months ago
CISA Adds Gladinet CentreStack and CWP Control Web Panel Vulnerabilities to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities—CVE-2025-11371 in Gladinet CentreStack/Triofox and CVE-2025-48703 in Control Web Panel (CWP)—to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. CVE-2025-11371 is a local file inclusion flaw in Gladinet CentreStack and Triofox that allows unauthenticated access to system files, with reports from Huntress indicating that threat actors have already targeted at least three organizations by running reconnaissance commands via Base64-encoded payloads. CVE-2025-48703 is an unauthenticated remote code execution vulnerability in CWP, exploitable via shell metacharacters in the `t_total` parameter of a filemanager request, though there are currently no public reports of this flaw being weaponized in real-world attacks. CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies apply the necessary patches by November 25, 2025, to mitigate these risks. Both Gladinet and Huntress have issued alerts and recommended workarounds for the actively exploited CentreStack/Triofox vulnerability, such as disabling the temp handler in the UploadDownloadProxy’s web configuration. The addition of these vulnerabilities to the KEV catalog underscores the urgency for organizations using these platforms to implement security updates and monitor for signs of exploitation, especially as technical details for the CWP flaw have been publicly disclosed, increasing the risk of future attacks.
1 months ago