Local File Inclusion Vulnerability in Gladinet CentreStack and TrioFox
CVE-2025-11371
Key Information:
- Vendor
Gladinet
- Status
- Vendor
- CVE Published:
- 9 October 2025
Badges
What is CVE-2025-11371?
CVE-2025-11371 is a local file inclusion (LFI) vulnerability found in Gladinet CentreStack and TrioFox, which are software solutions designed for cloud management and file sharing. This vulnerability arises from an unauthenticated flaw in the default installation and configuration of the software, which allows an attacker to gain access to system files that should otherwise be protected. The potential for unauthorized file disclosure means that sensitive system information could be exposed, leading to significant repercussions for organizations that rely on these tools for secure file management and collaboration. Affected versions include all prior to and including 16.7.10368.56560, which increases the risk for many users who have not updated their systems.
Potential impact of CVE-2025-11371
-
Unauthorized Data Exposure: The ability to exploit this LFI vulnerability allows attackers to disclose potentially sensitive system files, leading to unauthorized access to confidential information. This data could include user credentials, system configurations, or other critical data that can be leveraged for further attacks or data breaches.
-
Increased Attack Surface: By exposing system files, this vulnerability creates an increased attack surface for malicious actors, potentially leading to more severe exploitations, such as remote code execution or complete system compromise. This makes the overall security posture of an organization significantly weaker, as attackers may gain footholds that allow for subsequent lateral movements within the network.
-
Reputation and Compliance Risks: Organizations affected by this vulnerability risk not only operational disruptions but also reputational damage and loss of customer trust if sensitive data is leaked. Furthermore, they may face legal and regulatory compliance issues, as many industries have strict requirements for data protection and privacy, thus exposing organizations to potential fines and sanctions if they fail to protect sensitive information adequately.
CISA has reported CVE-2025-11371
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-11371 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
CentreStack and TrioFox 0 <= 16.7.10368.56560
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CISA Warns of Gladinet CentreStack and Triofox Files Vulnerability Exploited in Attacks
CISA warns vulnerability affects system files and directories to unauthorized external access of Gladinet CentreStack and Triofox platforms.
3 weeks ago
CybersecurityNewsCVE-2025-11371CISA Warns of Gladinet CentreStack and Triofox Files Vulnerability Exploited in Attacks
CISA warns vulnerability affects system files and directories to unauthorized external access of Gladinet CentreStack and Triofox platforms.
3 weeks ago
GBHackers NewsCVE-2025-11371CISA Issues Alert on Gladinet CentreStack and Triofox Vulnerabilities Under Active Exploitation
CISA has added a critical vulnerability affecting Gladinet CentreStack and Triofox to its Known Exploited Vulnerabilities catalog, signaling active exploitation in the wild.
3 weeks ago
References
EPSS Score
70% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🦅
CISA Reported
- 🟡
Public PoC available
- 📈
Vulnerability started trending
- 💰
Used in Ransomware
- 👾
Exploit known to exist
- 📰
First article discovered by Cyber Security News
Vulnerability published
Vulnerability Reserved