CVE-2025-11371
KEVGladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability
7.5
HighPublished:
Last updated:
Source:5dacb0b8-2277-4717-899c-254586fe4912
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- None
- Availability
- None
Description
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
References
5dacb0b8-2277-4717-899c-254586fe4912
https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.centrestack.com/p/gce_latest_release.html134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371