
Active Exploitation of Unpatched LFI Vulnerability in Gladinet Products Leads to Potential RCE
The cybersecurity firm Huntress has reported active exploitation of a zero-day vulnerability in Gladinet CentreStack and TrioFox products. Tracked as CVE-2025-11371 with a CVSS score of 6.1, this unauthenticated Local File Inclusion (LFI) vulnerability can lead to unintended disclosure of system files and potentially to Remote Code Execution (RCE). The vulnerability affects all previous versions of the software, posing a significant risk to organizations using these products.

Active exploitation in the wild makes it urgent for organizations to apply patches as soon as they become available. The escalation path from LFI to RCE underscores the severity of this vulnerability, since it can end in complete system compromise.

Organizations should prioritize patching and implement monitoring to detect and respond to exploitation attempts. Network segmentation and adherence to the principle of least privilege can also limit the impact of this vulnerability. This incident is a reminder of the critical importance of timely vulnerability management and continuous threat monitoring in maintaining robust cybersecurity defenses.
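The monitoring the advisory calls for starts with the web server's access log: LFI attempts show up as traversal sequences and requests for configuration or system files, often percent-encoded once or twice to slip past naive filters. The following detector is an added example written for this page, not code from Huntress or Gladinet. It parses constructed Common Log Format lines, decodes the request target until it is stable (so double encoding is unwrapped), normalizes path separators, and flags traversal, sensitive-file names and double encoding; the hosts, the `/portal/download?file=` parameter and the file names are hypothetical placeholders, not the product's real endpoints or the paths exploited in the wild.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines in Common Log Format. Hosts, paths and
# the "/portal/download?file=" parameter are hypothetical, not Gladinet's.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Oct/2025:10:14:01 +0000] "GET /portal/login.aspx HTTP/1.1" 200 5120
203.0.113.9 - - [09/Oct/2025:10:14:05 +0000] "GET /portal/download?file=..%2F..%2F..%2Fweb.config HTTP/1.1" 200 2210
198.51.100.4 - - [09/Oct/2025:10:15:22 +0000] "GET /portal/download?file=report.pdf HTTP/1.1" 200 88213
198.51.100.4 - - [09/Oct/2025:10:15:40 +0000] "GET /portal/download?file=%252e%252e%255c%252e%252e%255cwindows%255cwin.ini HTTP/1.1" 404 310
203.0.113.9 - - [09/Oct/2025:10:16:02 +0000] "POST /portal/api/upload HTTP/1.1" 201 95
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Any ".." segment followed by a separator (or end of string) after normalisation.
TRAVERSAL_RE = re.compile(r'\.\.(?:/|$)')
# Files an LFI read typically targets; extend with the product's own config paths.
SENSITIVE_NAMES = ("web.config", "machine.config", "win.ini", "/etc/passwd")


def normalize_target(target, max_rounds=3):
    """Percent-decode until stable (defeats double encoding), unify separators, lowercase.
    Returns (normalized_target, decode_rounds)."""
    cur, rounds = target, 0
    for _ in range(max_rounds):
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur, rounds = nxt, rounds + 1
    return cur.replace("\\", "/").lower(), rounds


def classify_line(line):
    """Return a finding dict for a suspicious request, or None for benign or unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    norm, rounds = normalize_target(m.group("target"))
    reasons = []
    if TRAVERSAL_RE.search(norm):
        reasons.append("path-traversal")
    if any(name in norm for name in SENSITIVE_NAMES):
        reasons.append("sensitive-file")
    if rounds > 1:
        reasons.append("double-encoding")
    if not reasons:
        return None
    status = int(m.group("status"))
    # A 2xx on a sensitive-file request means the server probably served it:
    # treat that as a likely disclosure rather than a mere attempt.
    severity = "high" if ("sensitive-file" in reasons and 200 <= status < 300) else "medium"
    return {"ip": m.group("ip"), "ts": m.group("ts"), "status": status,
            "target": m.group("target"), "normalized": norm,
            "reasons": reasons, "severity": severity}


def scan_log(text):
    """Run classify_line over every line and collect the findings in log order."""
    return [f for f in (classify_line(l) for l in text.splitlines()) if f]


def findings_by_source(findings):
    """Count findings per client IP, the usual pivot for blocking or triage."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    findings = scan_log(SAMPLE_LOG)
    for f in findings:
        print(f"{f['severity']:6} {f['ip']:14} {f['status']} "
              f"{','.join(f['reasons'])} {f['normalized']}")
    print(dict(findings_by_source(findings)))
```

The severity rule is the part worth keeping when adapting this: a traversal request that returned 2xx against a configuration file is evidence of successful disclosure and should open an incident, whereas a 404 is an attempt worth blocking at the source. Decoding until the value stops changing, rather than exactly once, is what catches the `%252e` variant on the fourth sample line.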