Gladinet Patches CVE-2025-11371 Zero-Day in CentreStack File-Sharing Software

Friday, October 17, 2025
Top 5 Cybersecurity Stories You Should Know
Gladinet Patches CVE-2025-11371 Zero-Day in CentreStack File-Sharing Software — tl;dr: Gladinet has released a security update for its CentreStack business solution to address a critical local file inclusion vulnerability (CVE-2025-11371) that has been actively exploited since late September. This flaw allows attackers to read sensitive files, including the Web.config file, which can lead to remote code execution via another vulnerability (CVE-2025-30406). Users are urged to upgrade to CentreStack version 16.10.10408.56683 immediately. If an upgrade is not feasible, disabling the temp handler in the Web.config file is recommended as a temporary mitigation measure.
↪ https://www.bleepingcomputer.com/news/security/gladinet-fixes-actively-exploited-zero-day-in-file-sharing-software/
Two Windows Zero-Days Exploited: CVE-2025-24990 and CVE-2025-59230 — tl;dr: Microsoft has reported two critical Windows zero-day vulnerabilities, CVE-2025-24990 and CVE-2025-59230, both rated 7.8 on the CVSS scale and both actively exploited in the wild. CVE-2025-24990 affects the Agere Modem Driver, present in all Windows versions, and allows local attackers to elevate privileges. CVE-2025-59230 targets the Remote Access Connection Manager and also enables privilege escalation. Organizations must prioritize patching these vulnerabilities, especially with Microsoft ending support for Windows 10, to mitigate potential attacks. Both flaws have been added to CISA's Known Exploited Vulnerabilities catalog, requiring federal agencies to act by November 4, 2025.
↪ https://thehackernews.com/2025/10/two-new-windows-zero-days-exploited-in.html
Government Ransomware Attacks Surge 41% in 2025; Qilin Leads with Major Breaches — tl;dr: In the first three quarters of 2025, government organizations experienced a 41% increase in ransomware attacks, totaling 276 incidents, with 147 confirmed. The average ransom demand reached $1.95 million, with notable breaches affecting over 443,000 records, primarily from the Pierce County Library System. Qilin emerged as the most active ransomware group, responsible for numerous high-profile attacks, including disruptions in public schools. Governments must enhance cybersecurity measures and incident response protocols to mitigate risks and protect sensitive data from such escalating threats.
↪ https://www.comparitech.com/news/government-ransomware-roundup-q1-q3-2025-stats-on-attacks-ransoms-and-data-breaches/
Microsoft October 2025 Patch Tuesday: 175 CVEs, 3 Actively Exploited — tl;dr: Microsoft's October 2025 Patch Tuesday addresses over 175 vulnerabilities, including three actively exploited flaws. Notable issues include CVE-2025-24990 and CVE-2025-59230, both elevation-of-privilege bugs rated 7.8 and affecting all supported Windows versions. Additionally, CVE-2025-59287, with a CVSS score of 9.8, poses a remote code execution risk in Windows Server Update Services. Organizations must prioritize these patches to mitigate potential attacks. Other vendors, including Adobe and SAP, also released critical updates, emphasizing the need for prompt action across all platforms.
↪ https://www.theregister.com/2025/10/14/microsoft_october_2025_patch_tuesday/
ExcelMindCyber Institute Launches 90-Day Cybersecurity Career Program for Non-IT Professionals — tl;dr: ExcelMindCyber Institute has introduced a 90-day fast-track training program aimed at non-IT professionals seeking careers in cybersecurity, specifically in Governance, Risk, and Compliance (GRC). This initiative eliminates traditional barriers such as prior IT experience or costly certifications, enabling graduates from diverse backgrounds to secure six-figure roles in a rapidly growing field. With the cybersecurity workforce facing significant shortages, this program addresses the urgent demand for skilled GRC specialists, providing accessible pathways for career transformation. Professionals interested in entering this lucrative sector can explore this unique opportunity at ExcelMindCyber Institute.
↪ https://markets.financialcontent.com/stocks/article/newsfile-2025-10-17-excelmindcyber-institute-launches-fast-track-cybersecurity-career-program
Featured LufSec Resource
AI Risk Inspector (Tool) — Scan AI models for risks and export client-ready reports.
Connect with LufSec
- YouTube: https://www.youtube.com/@lufsec
- Instagram: https://www.instagram.com/lufsec