CVE-2025-11371

nvd nist nuclei

Published: Oct 9, 2025Modified: Nov 5, 2025CISA KEV

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560

Affected (2)

Products: Gladinet: Centrestack, Triofox

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gladinet Centrestack	Before 16.10.10408.56683
Gladinet Triofox	Up to 16.7.10368.56560

Related CWEs

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (3)

https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw

Source: 5dacb0b8-2277-4717-899c-254586fe4912

ExploitThird Party Advisory

https://www.centrestack.com/p/gce_latest_release.html

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Release Notes

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.