Gladinet Patches Actively Exploited Zero-Day LFI Vulnerability in CentreStack

Gladinet has released security updates for its CentreStack enterprise file-sharing solution to address an actively exploited local file inclusion (LFI) vulnerability, tracked as CVE-2025-11371. This zero-day vulnerability has been exploited by malicious actors since late September, allowing unauthorized local file inclusion. LFI vulnerabilities can lead to sensitive data exposure, remote code execution, or further system compromise. Given the active exploitation in the wild, organizations using CentreStack are strongly advised to apply the available patches immediately to mitigate the risk. Additionally, reviewing logs for unusual file access and implementing network segmentation can help detect and contain potential breaches. This incident underscores the critical importance of timely patch management and continuous monitoring in enterprise environments.