New Cybersecurity Alert: CISA Flags Exploited Flaws in Gladinet and Control Web Panel
If you run a company or manage any sort of online service, you’ll want to keep reading. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just thrown up a red flag about two software vulnerabilities that hackers are actively taking advantage of. These issues are found in platforms known as Gladinet Cloud Enterprise and Control Web Panel (CWP).
Why does this matter? Because any system exposed to the internet that uses these tools could easily be compromised by attackers. CISA’s warning should be a wake-up call for organizations and IT administrators everywhere.
So, what’s the big deal about these vulnerabilities?
Let’s break it down in simple terms. Think of your business website or cloud tools as your digital office building. You probably lock the doors, have a security system in place, and maybe even a front desk to monitor who’s coming in and out. A vulnerability in software is like discovering there’s a secret door around the back that you didn’t know existed… and hackers just figured out how to open it.
CISA has added these two software flaws to its Known Exploited Vulnerabilities (KEV) catalog. This list includes bugs that hackers are already using to attack real systems, not just theoretical problems. That means these vulnerabilities are not just risks – they are active threats.
Highlighted Vulnerabilities and What They Affect
Here are the two key vulnerabilities CISA has spotlighted:
- Gladinet Cloud Enterprise (aka CentreStack): This file-sharing and collaboration platform is used by many businesses to share data securely. An old vulnerability from way back in 2022 (specifically, in version 12.8.1029.530) allows attackers to bypass login authentication altogether. That’s like walking into a bank with no ID and getting access to the vault.
- Control Web Panel (CWP): This is a control panel often used on Linux servers to manage websites, users, file systems, etc. A 2022 bug in CWP (specifically, in version 7.0.0.9) lets attackers run malicious code on the server without needing permission. Once in, they can do pretty much anything: steal data, plant ransomware, or even disrupt services for good.
Both vulnerabilities are being actively exploited in the wild, which is a fancy way of saying that cybercriminals are already using them to attack unsuspecting systems.
Why are these flaws suddenly getting attention?
You might be wondering – if these vulnerabilities are from 2022, why is CISA raising the alarm now in 2025?
That’s a great question. Just because a vulnerability is old doesn’t mean it’s no longer dangerous. In fact, older vulnerabilities are often even more dangerous when organizations fail to patch them. Many companies either miss the updates or avoid upgrading out of fear that something else might break.
Hackers know this. They actively scan the internet looking for outdated and unpatched systems. Once they find one, it becomes their playground. And unfortunately, many IT systems remain unpatched for months or even years.
What should you do if you use CWP or CentreStack?
First things first – check your systems now. If you or your IT team uses Gladinet (CentreStack) or Control Web Panel, it’s crucial to see if you’re running one of the affected versions.
Here’s a quick action list:
- Update immediately: If you’re using versions known to have vulnerabilities, install the latest security updates or patches provided by the software developers.
- Verify and monitor: Check for any signs that your systems might have been compromised. Look into logs and error reports for suspicious activity.
- Lock it down: Follow best practices for security. That means using strong authentication methods, disabling unused features, and limiting admin access.
If you’re unsure how to do this, now is a good time to reach out to your IT support team or cybersecurity consultant.
This Isn’t Just a Tech Issue – It’s a Business Issue
Cybersecurity might sound like something only your IT team needs to worry about. But the truth is, one small breach can snowball into major consequences.
Imagine customer data being stolen, financial losses from a ransomware attack, or your services crashing in the middle of a busy day. All of that can happen if your software has open vulnerabilities that hackers can easily exploit.
In recent years, organizations of all sizes – from hospitals to small accounting firms – have suffered serious breaches because of unpatched systems. What’s even more heartbreaking? Many of those attacks could have been prevented with a simple update.
Why CISA’s KEV Catalog Matters
CISA’s Known Exploited Vulnerabilities (KEV) catalog is meant to help professionals and organizations quickly identify the most urgent cybersecurity threats. By flagging these two flaws as exploited, they’re telling us: This is happening right now. You need to act.
To make it even clearer, federal agencies are now required to patch these vulnerabilities by December 11, 2025. While this directive only applies to federal bodies, it’s a strong signal for everyone else to follow suit.
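One way to put the catalog to work is to match its entries against your own software inventory and see how much time is left before each due date. The script below is an added example, not code from CISA or from either vendor; the KEV excerpt, the CVE placeholders, the host names and the inventory layout are all constructed for illustration.

```python
import json
import re
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed (real field names).
# The CVE IDs are placeholders: the article does not state them.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-XXXX-00001", "vendorProject": "Gladinet",
   "product": "CentreStack", "dueDate": "2025-12-11"},
  {"cveID": "CVE-XXXX-00002", "vendorProject": "CWP",
   "product": "Control Web Panel", "dueDate": "2025-12-11"},
  {"cveID": "CVE-XXXX-00003", "vendorProject": "ExampleVendor",
   "product": "Unrelated Product", "dueDate": "2025-11-20"}
]}
""")

# Hypothetical asset inventory (for example, exported from a CMDB).
INVENTORY = [
    {"host": "files01.example.internal", "software": "Gladinet CentreStack",
     "version": "12.8.1029.530"},
    {"host": "web03.example.internal", "software": "Control Web Panel",
     "version": "7.0.0.9"},
    {"host": "db02.example.internal", "software": "PostgreSQL",
     "version": "16.4"},
]

def _tokens(text):
    """Lower-case word set, so 'Control Web Panel' matches regardless of case."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def match_inventory(kev, inventory, today):
    """Return assets whose software name contains every word of a KEV product."""
    findings = []
    for entry in kev["vulnerabilities"]:
        product = _tokens(entry["product"])
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if product and product <= _tokens(asset["software"]):
                days_left = (due - today).days
                findings.append({"host": asset["host"], "cve": entry["cveID"],
                                 "version": asset["version"], "due": due,
                                 "days_left": days_left,
                                 "overdue": days_left < 0})
    # Most urgent first, then by host name for a stable report.
    return sorted(findings, key=lambda f: (f["days_left"], f["host"]))

if __name__ == "__main__":
    for f in match_inventory(KEV_SAMPLE, INVENTORY, date.today()):
        state = "OVERDUE" if f["overdue"] else f"{f['days_left']} days left"
        print(f"{f['host']}  {f['cve']}  v{f['version']}  due {f['due']}  {state}")
```

A name match only shortlists hosts for review; whether an installed version is actually affected still has to be confirmed against the vendor's advisory.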
Don’t Wait Until It’s Too Late
If your organization relies on remote file sharing, cloud storage, or web server management tools, you could be using one of these vulnerable platforms without even realizing it. The cost of prevention is almost always less than the cost of recovery.
Taking this seriously now could save you from a data disaster later.
Stay One Step Ahead
Here are a few ways to stay protected in the long run:
- Regular patching: Make it a routine to check for system and software updates every month.
- Security awareness: Keep your staff informed. Sometimes it only takes one overlooked update or risky click to open the door to attackers.
- Back up data: Always have secure, offsite backups in case something goes wrong. That way, you won’t lose everything during an attack.
- Use vulnerability scanning tools: These tools run checkups on your system, alerting you if you’re exposed to known risks.
Final Thoughts
Knowing about vulnerabilities is half the battle. Acting on them is where the real defense begins.
CISA’s latest warning about Gladinet CentreStack and Control Web Panel is more than just a tech note – it’s a real-world alert that organizations everywhere need to take action on. With real attacks already happening, there’s no excuse to delay updates or assume “it won’t happen to us.”
Stay secure, stay informed, and make cybersecurity a team effort. After all, in the digital age, a locked door could be all that stands between safety and chaos.
Keep an eye out for more updates from CISA and trusted cybersecurity sources to stay one step ahead of the threats.
