Executive Summary
In December 2025, the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2025-14611 (Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability) and CVE-2025-43529 (Apple Multiple Products Use-After-Free WebKit Vulnerability) to its Known Exploited Vulnerabilities (KEV) Catalog following confirmed reports of active exploitation. These flaws allow attackers to gain unauthorized access, execute arbitrary code, and compromise sensitive data by leveraging weaknesses in encryption and browser components. Federal Civilian Executive Branch (FCEB) agencies are mandated to remediate these vulnerabilities by the stipulated deadlines to mitigate risks to critical government infrastructure.
These additions reflect an ongoing surge in sophisticated vulnerability exploitation targeting both proprietary business platforms and widely used consumer products. Emerging attacker tactics and the regulatory environment reinforce the importance of robust, timely vulnerability management—underscoring that prioritizing patching of KEV-listed CVEs is now a best practice for all organizations.
Why This Matters Now
CISA's recent inclusion of these vulnerabilities highlights the increasing volume and severity of active exploitation campaigns. Both public and private sector organizations face urgent risk, as threat actors quickly pivot to exploit newly disclosed flaws. Immediate remediation is essential for compliance and security resilience.
Attack Path Analysis
Attackers exploited newly disclosed vulnerabilities (CVE-2025-14611 and CVE-2025-43529) in public-facing applications to gain an initial foothold. Post-compromise, they escalated privileges using misconfigurations or existing flaws within cloud identities or application logic. By abusing flat network architecture and insufficient segmentation, the adversaries laterally moved across internal workloads. Command and control was maintained through covert channels in east-west or internet-bound traffic. Sensitive data was next exfiltrated over unmonitored or insufficiently governed egress paths. Finally, attackers may have encrypted, destroyed, or abused systems, causing business impact such as data loss or service disruption.
Kill Chain Progression
Initial Compromise
Description
Adversaries exploited Gladinet CentreStack/Triofox and Apple WebKit vulnerabilities to gain unauthorized access to cloud-hosted or hybrid workloads exposed to the internet.
Related CVEs
CVE-2025-14611
CVSS 7.1
Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme, potentially allowing arbitrary local file inclusion without authentication.
Affected Products:
Gladinet CentreStack – < 16.12.10420.56791
Gladinet Triofox – < 16.12.10420.56791
Exploit Status:
exploited in the wild
CVE-2025-43529
CVSS 8.8
A use-after-free vulnerability in Apple's WebKit allows processing of maliciously crafted web content, potentially leading to arbitrary code execution.
Affected Products:
Apple Safari – < 26.2
Apple iOS – < 26.2
Apple iPadOS – < 26.2
Apple macOS – < 26.2
Apple watchOS – < 26.2
Apple tvOS – < 26.2
Apple visionOS – < 26.2
Exploit Status:
exploited in the wild
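The weakness behind CVE-2025-14611 is cryptographic material baked into the product itself (hard-coded key and IV), so every installation shares the same values. As an added example that is not part of this advisory and not Gladinet's code, the following Python scanner flags that pattern in your own source and configuration before deployment: a string or bytes literal assigned to a key-like name, or a bare high-entropy hex blob long enough to be an AES key. The sample text it scans is constructed; the key values in it are placeholders chosen for the example, not values from the affected products.

```python
"""Heuristic scanner for hard-coded cryptographic material (CWE-321), the
weakness class behind CVE-2025-14611. Standard library only; intended to be
run over your own source and config files as a pre-deployment check."""

import math
import re

# A string/bytes literal assigned (or YAML-style bound) to a name that
# suggests key material: AES_KEY = b"...", secret: '...', passphrase="..."
KEY_ASSIGN = re.compile(
    r"\b[A-Za-z0-9_]*(?:aes|key|iv|secret|passphrase)[A-Za-z0-9_]*"
    r"\s*[=:]\s*[bB]?[\"']([^\"']{8,})[\"']",
    re.IGNORECASE,
)
# A bare hex blob long enough to be a 128..256-bit key, e.g. in a .properties file.
HEX_BLOB = re.compile(r"\b[0-9a-fA-F]{32,64}\b")
MIN_ENTROPY_BITS = 3.0  # per-character Shannon entropy; random hex is close to 4.0


def shannon_entropy(text):
    """Bits of entropy per character; low values mean repetitive or word-like text."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text):
    """Return (line_number, reason, value) for each line that appears to embed a
    static key, IV, or secret. Lines that obtain secrets at runtime (environment,
    secret store, os.urandom) do not match because no literal is assigned."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = KEY_ASSIGN.search(line)
        if m:
            findings.append((lineno, "literal assigned to key-like name", m.group(1)))
            continue
        for blob in HEX_BLOB.findall(line):
            if shannon_entropy(blob.lower()) >= MIN_ENTROPY_BITS:
                findings.append((lineno, "high-entropy hex blob", blob))
    return findings


# Constructed sample: the first block shows the vulnerable pattern (static key
# and IV compiled in, and a config value identical on every install), the second
# the hardened pattern (per-deployment key from the environment, fresh IV per use).
SAMPLE = """\
# --- vulnerable pattern: static key and IV compiled into the product ---
AES_KEY = b"0123456789abcdef"
AES_IV = b"fedcba9876543210"
# --- config file shipped with the same value on every install ---
encryption.key=3f8a9c1e5b7d2a4c6e8f0b1d3c5a7e9f
# --- hardened pattern: per-deployment key, random IV per message ---
AES_KEY = os.environ["APP_AES_KEY"]
iv = os.urandom(16)
label = "installation-wide default"
"""

if __name__ == "__main__":
    for lineno, reason, value in scan_text(SAMPLE):
        print(f"line {lineno}: {reason}: {value}")
```

Only the three vulnerable lines are reported; the hardened lines pass because the key is resolved at runtime and the IV is generated per message rather than written into the code. Treat the output as a review queue, not a verdict: the name heuristic is deliberately broad so that it does not miss oddly named constants.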
MITRE ATT&CK® Techniques
Exploit Public-Facing Application
Exploitation for Client Execution
Exploitation of Remote Services
Unsecured Credentials: Credentials In Files
Hijack Execution Flow: DLL Side-Loading
Exploitation for Privilege Escalation
Data Encrypted for Impact
System Information Discovery
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Address Common Vulnerabilities
Control ID: 6.3.3
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA (Digital Operational Resilience Act) – ICT Risk Management Framework
Control ID: Art. 9
CISA ZTMM 2.0 – Known Exploited Vulnerability Remediation
Control ID: Vulnerability Management - Mitigation
NIS2 Directive – Risk and Vulnerability Management
Control ID: Article 21(2)d
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Government Administration
Federal agencies face mandatory remediation requirements under BOD 22-01 for Apple WebKit and Gladinet vulnerabilities, requiring immediate patch management and compliance verification.
Financial Services
Critical exposure through Apple devices and file sharing platforms creates attack vectors for data exfiltration, requiring enhanced vulnerability management and zero trust implementation.
Health Care / Life Sciences
Hard-coded cryptographic vulnerabilities in cloud storage solutions threaten HIPAA compliance, necessitating encrypted traffic controls and secure hybrid connectivity for patient data protection.
Information Technology/IT
Use-after-free WebKit exploits and cryptographic vulnerabilities demand immediate patching, threat detection implementation, and multicloud visibility across enterprise technology infrastructure and client environments.
Sources
- CISA Adds Two Known Exploited Vulnerabilities to Catalog: https://www.cisa.gov/news-events/alerts/2025/12/15/cisa-adds-two-known-exploited-vulnerabilities-catalog (Verified)
- Apple Warns of Zero-day Vulnerability Exploited in Attack (CVE-2025-43529): https://threatprotect.qualys.com/2025/12/16/apple-warns-of-zero-day-vulnerability-exploited-in-attack-cve-2025-43529/ (Verified)
- Update: Warning of Attacks on Apple Vulnerabilities and Gladinet (original title: "Updaten: Warnung vor Angriffen auf Apple-Lücken und Gladinet"): https://www.heise.de/news/Updaten-Warnung-vor-Angriffen-auf-Apple-Luecken-und-Gladinet-11116020.html (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Comprehensive zero trust segmentation, granular policy enforcement, egress filtering, and real-time threat detection would have contained adversary progression across the kill chain. CNSF-aligned controls reduce initial exploit surface, restrict movement post-compromise, and block covert C2 or data exfiltration.
Control: Cloud Firewall (ACF)
Mitigation: Prevents unauthorized or suspicious inbound connections to vulnerable services.
Control: Zero Trust Segmentation
Mitigation: Restricts lateral privilege escalation by enforcing least-privilege access and isolating workloads.
Control: East-West Traffic Security
Mitigation: Detects and prevents unauthorized movement between cloud workloads.
Control: Inline IPS (Suricata)
Mitigation: Detects and blocks known command and control patterns in network traffic.
Control: Egress Security & Policy Enforcement
Mitigation: Prevents unauthorized data transfer out of the environment.
Detects disruptive or anomalous activities to trigger rapid incident response.
Impact at a Glance
Affected Business Functions
- Data Storage
- Web Browsing
- File Sharing
Estimated downtime: 3 days
Estimated loss: $500,000
Potential exposure of sensitive user data due to arbitrary code execution and unauthorized file access.
Recommended Actions
Key Takeaways & Next Steps
- Accelerate patching and virtual patching of externally exposed workloads to reduce initial compromise risk.
- Deploy zero trust segmentation and microsegmentation to minimize lateral movement opportunities within the cloud estate.
- Implement deep east-west and egress traffic inspection with centralized policy enforcement to detect and block malicious actions early.
- Enforce strict egress filtering and encryption of data in transit to prevent covert exfiltration and snooping.
- Continuously monitor for anomalies and integrate threat detection with automated response to limit business impact of successful exploits.
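The first step above is closing the patch gap on the exposed estate. As an added example (not from the advisory, CISA, or either vendor), this Python script compares an inventory of installed versions against the fixed versions listed in the Affected Products section and reports which assets still sit below the threshold for CVE-2025-14611 or CVE-2025-43529. The inventory is constructed; the comparison pads shorter version strings with zeros so that "26.2" and "26.2.0" are treated as equal, which matters for Apple's short version numbers.

```python
"""KEV patch-gap triage: compare inventoried software versions against the
fixed versions stated for CVE-2025-14611 and CVE-2025-43529."""

from dataclasses import dataclass

# Fixed versions exactly as listed in the advisory; anything below is affected.
FIXED_VERSIONS = {
    "CVE-2025-14611": {
        "Gladinet CentreStack": "16.12.10420.56791",
        "Gladinet Triofox": "16.12.10420.56791",
    },
    "CVE-2025-43529": {
        "Apple Safari": "26.2",
        "Apple iOS": "26.2",
        "Apple iPadOS": "26.2",
        "Apple macOS": "26.2",
        "Apple watchOS": "26.2",
        "Apple tvOS": "26.2",
        "Apple visionOS": "26.2",
    },
}


def parse_version(text):
    """Turn '16.12.10420.56791' into (16, 12, 10420, 56791). A non-numeric
    suffix such as '26.2 beta' is cut off so the comparison stays numeric."""
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def version_lt(a, b):
    """True if version a is lower than version b; shorter tuples are padded
    with zeros so '26.2' == '26.2.0' rather than '26.2' < '26.2.0'."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return ta < tb


def affected_cves(product, version):
    """CVE ids for which this product/version is below the fixed build."""
    hits = []
    for cve, products in FIXED_VERSIONS.items():
        fixed = products.get(product)
        if fixed is not None and version_lt(version, fixed):
            hits.append(cve)
    return hits


@dataclass
class Asset:
    name: str
    product: str
    version: str


def triage(inventory):
    """Map each vulnerable asset name to the CVEs it is exposed to; patched
    assets and products outside the two advisories are omitted."""
    findings = {}
    for asset in inventory:
        cves = affected_cves(asset.product, asset.version)
        if cves:
            findings[asset.name] = cves
    return findings


# Constructed sample inventory; host names and versions are illustrative.
SAMPLE_INVENTORY = [
    Asset("fileshare-01", "Gladinet CentreStack", "16.10.10400.56001"),
    Asset("fileshare-02", "Gladinet Triofox", "16.12.10420.56791"),
    Asset("exec-iphone", "Apple iOS", "26.1.1"),
    Asset("build-mac", "Apple macOS", "26.2"),
    Asset("web-proxy", "nginx", "1.27.0"),
]

if __name__ == "__main__":
    for name, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: patch required for {', '.join(cves)}")
```

Feed it the product and version columns from your asset inventory or MDM export; anything it returns is a KEV-listed gap and belongs at the top of the patch queue, with virtual patching or access restriction applied in the meantime for internet-exposed hosts.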