11/3至11/9 Known Exploited Vulnerabilities Catalog(KEV)週報

一、漏洞簡述

CISA 於 11/3–11/9 期間在 KEV(Known Exploited Vulnerabilities Catalog)新增 2 個已遭駭客利用之漏洞,影響範圍包含 CWP(Control Web Panel)與 Gladinet(CentreStack、Triofox)。這些弱點可能使攻擊者取得未授權存取或進一步利用系統漏洞執行惡意操作,建議儘速依官方說明進行修補。

二、設備/版本影響

受影響平台:

  • CWP|Control Web Panel

  • Gladinet|CentreStack and Triofox

三、建議處置

修補說明請參考以下官方連結:

CWP|Control Web Panel
https://control-webpanel.com/changelog

Gladinet|CentreStack and Triofox
https://www.centrestack.com/p/gce_latest_release.html

四、相關連結

CVE 編號:

  • CVE-2025-11371

  • CVE-2025-48703

參考資料:

  1. https://www.cisa.gov/known-exploited-vulnerabilities-catalog

  2. https://nvd.nist.gov/vuln/detail/CVE-2025-11371

  3. https://nvd.nist.gov/vuln/detail/CVE-2025-48703