---
title: "CISA Warns of Two Actively Exploited Vulnerabilities—Patch Now"
short_title: "CISA adds two critical exploited vulnerabilities"
description: "CISA has added CVE-2025-14611 and CVE-2025-43529 to its KEV Catalog due to active exploitation. Learn about risks, impacted systems, and mitigation steps."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, cve-2025-14611, cve-2025-43529, cybersecurity, threat-intelligence]
score: 0.87
cve_ids: [CVE-2025-14611, CVE-2025-43529]
---

### TL;DR

CISA has added two new vulnerabilities—CVE-2025-14611 (Gladinet CentreStack/Triofox) and CVE-2025-43529 (Apple WebKit)—to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal agencies must patch by the deadline, but all organizations are urged to prioritize remediation to reduce exposure to cyberattacks.

---

### Main Content

The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its response to two critical vulnerabilities after confirming their active exploitation in the wild. The vulnerabilities, CVE-2025-14611 and CVE-2025-43529, have been added to CISA’s [Known Exploited Vulnerabilities (KEV) Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog), signaling an urgent need for organizations to address them immediately.

These vulnerabilities serve as frequent attack vectors for malicious cyber actors and pose significant risks to both federal and private sector networks. While the Binding Operational Directive (BOD) 22-01 mandates federal agencies to remediate these flaws, CISA strongly recommends that all organizations prioritize patching to mitigate potential threats.

---

### Key Points

- CVE-2025-14611: A hard-coded cryptographic key vulnerability in Gladinet CentreStack and Triofox, which could allow attackers to decrypt sensitive data or gain unauthorized access.
- CVE-2025-43529: A use-after-free vulnerability in Apple’s WebKit, affecting multiple Apple products. Exploitation could lead to arbitrary code execution or system compromise.
- Federal agencies are required to remediate these vulnerabilities by the specified deadlines under BOD 22-01.
- All organizations are urged to prioritize patching these vulnerabilities to reduce their exposure to cyberattacks.

---

### Technical Details

#### CVE-2025-14611: Gladinet CentreStack and Triofox Hard-Coded Cryptographic Vulnerability
This vulnerability stems from the use of hard-coded cryptographic keys in Gladinet CentreStack and Triofox, enterprise file-sharing and collaboration platforms. Hard-coded keys are a severe security risk because they can be easily discovered and exploited by attackers to decrypt sensitive data, bypass authentication, or impersonate legitimate users.

Affected Systems:
- Gladinet CentreStack (all versions prior to the patched release)
- Triofox (all versions prior to the patched release)

#### CVE-2025-43529: Apple WebKit Use-After-Free Vulnerability
This flaw is a use-after-free vulnerability in Apple’s WebKit, the engine powering the Safari browser and other Apple applications. Use-after-free vulnerabilities occur when a program continues to use memory after it has been freed, leading to potential arbitrary code execution or system crashes. Exploitation of this vulnerability could allow attackers to execute malicious code on a victim’s device, often through crafted web content.

Affected Systems:
- iOS and iPadOS devices
- macOS systems running Safari
- Other applications utilizing WebKit (e.g., Mail, App Store)

---

### Impact Assessment

The addition of these vulnerabilities to CISA’s KEV Catalog underscores their high severity and active exploitation. Here’s why they matter:

1. Widespread Risk: Both vulnerabilities affect widely used software—Gladinet/Triofox in enterprise environments and WebKit across Apple’s ecosystem. This broadens the potential attack surface.
2. Active Exploitation: Evidence of in-the-wild exploitation means attackers are already leveraging these flaws to compromise systems. Delayed patching increases the risk of data breaches, ransomware attacks, or espionage.
3. Federal Mandate: While BOD 22-01 applies only to federal agencies, the directive serves as a benchmark for best practices in cybersecurity. Private organizations that ignore these warnings do so at their peril.
4. Reputation and Compliance: Failure to address these vulnerabilities could result in compliance violations, regulatory fines, and reputational damage, particularly for organizations handling sensitive data.

---

### Mitigation Steps

To protect against these vulnerabilities, organizations and users should take the following actions:

#### For CVE-2025-14611 (Gladinet CentreStack/Triofox):
- Apply Patches: Update to the latest version of Gladinet CentreStack or Triofox immediately. Vendor patches should address the hard-coded cryptographic vulnerability.
- Rotate Cryptographic Keys: If patches are not yet available, rotate all cryptographic keys and credentials associated with the affected systems.
- Monitor for Suspicious Activity: Implement logging and monitoring to detect unauthorized access or data exfiltration attempts.

#### For CVE-2025-43529 (Apple WebKit):
- Update Devices: Ensure all Apple devices (iOS, iPadOS, macOS) are updated to the latest version, which includes patches for WebKit vulnerabilities.
- Disable Safari (Temporarily): If patches cannot be applied immediately, consider disabling Safari or restricting its use to trusted websites only.
- Educate Users: Warn users about the risks of visiting untrusted websites or clicking on suspicious links, as these could trigger the vulnerability.

#### General Recommendations:
- Prioritize KEV Catalog Vulnerabilities: Regularly check CISA’s [KEV Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) and prioritize remediation of listed vulnerabilities.
- Implement a Vulnerability Management Program: Adopt a structured approach to identifying, assessing, and patching vulnerabilities in a timely manner.
- Leverage Threat Intelligence: Stay informed about emerging threats and exploitation trends through sources like CISA, security blogs, and industry reports.
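To make the "prioritize KEV Catalog vulnerabilities" recommendation concrete, here is an added example (not code from this post, CISA, or either vendor) that cross-references vulnerability-scanner findings with a KEV feed excerpt and orders them by BOD 22-01 due date. CISA publishes the catalog as a JSON feed on the KEV page linked above; the excerpt, hostnames, and due dates below are constructed placeholders in that schema, not the catalog's real values.

```python
import json
from datetime import date, datetime

# Constructed excerpt in the schema of CISA's KEV JSON feed; the dates are
# placeholders, not the catalog's real deadlines.
SAMPLE_KEV_JSON = json.dumps({"catalogVersion": "sample", "vulnerabilities": [
    {"cveID": "CVE-2025-14611", "vendorProject": "Gladinet",
     "product": "CentreStack and Triofox", "dateAdded": "2025-01-01",
     "dueDate": "2025-01-22", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2025-43529", "vendorProject": "Apple",
     "product": "Multiple Products", "dateAdded": "2025-01-01",
     "dueDate": "2025-02-05", "knownRansomwareCampaignUse": "Unknown"},
]})

# Constructed scanner output (hostnames are hypothetical).
SAMPLE_FINDINGS = [
    {"host": "files01.example.internal", "cve": "CVE-2025-14611"},
    {"host": "mac-dev-07.example.internal", "cve": "CVE-2025-43529"},
    {"host": "web02.example.internal", "cve": "CVE-2024-00000"},  # placeholder, not in KEV
]

# The post's date, used as "today" in the demo so the output is reproducible.
ASSESSMENT_DATE = date(2025, 1, 24)

def load_kev(raw_json: str) -> dict:
    """Index KEV entries by CVE ID; the same code works on the real feed."""
    return {v["cveID"]: v for v in json.loads(raw_json)["vulnerabilities"]}

def prioritize(kev: dict, findings: list, today: date) -> list:
    """Keep only findings that are in KEV, most overdue / soonest due first."""
    hits = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry is None:
            continue  # not in KEV: still patch, but not on the BOD 22-01 clock
        due = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()
        hits.append({
            "host": f["host"], "cve": f["cve"], "due": due.isoformat(),
            "days_left": (due - today).days, "overdue": due < today,
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
        })
    hits.sort(key=lambda h: (h["days_left"], h["cve"]))
    return hits

if __name__ == "__main__":
    for h in prioritize(load_kev(SAMPLE_KEV_JSON), SAMPLE_FINDINGS, ASSESSMENT_DATE):
        status = "OVERDUE" if h["overdue"] else f"{h['days_left']} days left"
        print(f"{h['cve']}  {h['host']:<28}  due {h['due']}  {status}")
```

Replace `SAMPLE_KEV_JSON` with the downloaded feed and `SAMPLE_FINDINGS` with your scanner export to get a due-date-ordered worklist; findings absent from KEV are dropped here only because this list is the KEV-first pass, not because they can wait indefinitely.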

---

### Conclusion

The addition of CVE-2025-14611 and CVE-2025-43529 to CISA’s KEV Catalog is a stark reminder of the evolving threat landscape and the importance of proactive cybersecurity measures. While federal agencies are required to act, all organizations must treat these vulnerabilities as a top priority to safeguard their systems and data.

Timely patching, robust monitoring, and a culture of cybersecurity awareness are essential to mitigating risks and staying ahead of malicious actors. Ignoring these warnings could have severe consequences, including data breaches, financial losses, and reputational harm. Act now—before attackers do.
