CVE-2025-11371

Published Oct 9, 2025

Last updated a month ago

Exploit known
CVSS high 7.5
Gladinet CentreStack

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-11371 is an unauthenticated local file inclusion vulnerability found in Gladinet CentreStack and TrioFox. It exists in the default installation and configuration of these applications. The vulnerability allows attackers to read sensitive system files without authentication. Exploitation of this vulnerability has been observed in the wild. The vulnerability impacts all versions of Gladinet CentreStack and TrioFox up to and including 16.7.10368.56560. By exploiting this flaw, a threat actor can retrieve the machine key from the application's Web.config file. This key can then be used to perform remote code execution via a ViewState deserialization vulnerability.

Description
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560.
Source
5dacb0b8-2277-4717-899c-254586fe4912
NVD status
Analyzed
Products
centrestack, triofox

Insights

Analysis from the Intruder Security Team
Published Oct 13, 2025 Updated Oct 13, 2025

Note that the public CVSS score for this vulnerability is too low - it has been scored as if it was a local vulnerability, when it can be exploited remotely.

This vulnerability is essentially a remote code execution vulnerability, as an attacker can use the LFI to obtain the Machine Key for the installation and then leverage this in the same way as a previous vulnerability discovered earlier in the year.

Attackers have knowledge of how to exploit this and there is no patch currently available. If you have an exposed instance, you must apply the mitigation discussed by Huntress in their post and consider that the server may be compromised.

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability
Exploit added on
Nov 4, 2025
Exploit action due
Nov 25, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-552

Social media

Hype score
Not currently trending
  1. CVE-2025-11371 - Gladinet CenterStack LFI vulnerability exploited in the wild https://t.co/Os9wGQPRXO https://t.co/Dy35iNDCla

    @shbertin

    27 Nov 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #VulnerabilityReport #CVE202511371 Exploited Zero-Day: Gladinet/Triofox Flaw CVE-2025-11371 Allows RCE via LFI https://t.co/e9PYYbww28

    @Komodosec

    16 Nov 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 New plugin: GladinetPlugin (CVE-2025-11371, CVE-2025-30406, CVE-2025-12480). Gladinet CentreStack/Triofox LFI, RCE, and auth bypass vulnerability detection. Results: https://t.co/l4VMYOgYoQ https://t.co/3p5n4aSA44

    @leak_ix

    12 Nov 2025

    462 Impressions

    1 Retweet

    4 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Threat Alert: CVE-2025-11371 Unauthenticated Local File Inclusion Vulnerability in Gladinet CentreStack and TrioFox 🚨 A critical vulnerability has been identified in the default installation and configuration of Gladinet CentreStack and TrioFox. This flaw, classified as

    @ArmisSecurity

    10 Nov 2025

    87 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Gladinet CentreStack [—] Nov 10, 2025 Product Security Advisory regarding CVE-2025-11371. Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence #CyberSecurity #Innovation #LLM https://t.co/IlMbEvmJJM

    @transilienceai

    10 Nov 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. ⚡️CISA just added two new flaws to its list of exploited ones. One is already being used in the wild, and the other was fixed months ago but is still open on a lot of servers. One flaw in Control Web Panel lets hackers run commands before they log in. CVE-2025-11371 (CVSS

    @AnonOzzyDude

    8 Nov 2025

    231 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 Gladinet CentreStack Security Advisory [—] Nov 08, 2025 Comprehensive security advisory for Gladinet CentreStack, addressing CVE-2025-11371 and related vulnerabilities. Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1... https://t.co/lIO4eR20MG

    @transilienceai

    8 Nov 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 CISA adds 2 critical bugs to KEV: CVE-2025-11371 (file leak) & CVE-2025-48703 (RCE). Huntress sees active attacks. Patch NOW!

    @CentlogixAgency

    8 Nov 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 Critical LFI in Gladinet CentreStack / TrioFox – CVE-2025-11371 Affects versions ≤ 16.7.10368.56560 Unauthenticated file inclusion👇 disclose Web Config File👇 forge ViewState👇 RCE Actively exploited & in CISA KEV catalog

    @bountyayush

    6 Nov 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CISA Alert: Two new vulns added to the KEV catalog: • CVE-2025-11371 – Gladinet (file exposure) • CVE-2025-48703 – CWP (unauth RCE) Patch by Nov 25. Also flagged: active exploits in 3 WordPress plugins. #Cybersecurity #CISA #KEV #Infosec #Vulnerability https://t.co/E9fD

    @CloneSystemsInc

    5 Nov 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 📌 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security vulnerabilities in Gladinet and Control Web Panel (CWP) to the Known Exploited Vulnerabilities catalog, due to evidence of

    @Cybercachear

    5 Nov 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨CVE-2025-48703 and CVE-2025-11371 have been added to the CISA KEV Catalog. https://t.co/9idGUAHIKd

    @DarkWebInformer

    4 Nov 2025

    3578 Impressions

    6 Retweets

    12 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  13. Today @CISACyber🛡️added Gladinet CentreStack and Triofox vulnerability CVE-2025-11371 & CWP vulnerability CVE-2025-48703 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/LMm64iCTbf & apply mitigation to protect your org from cyberattacks. #Cybersecu

    @7thGensec

    4 Nov 2025

    58 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🛡️ We added Gladinet CentreStack and Triofox vulnerability CVE-2025-11371 & CWP vulnerability CVE-2025-48703 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoS

    @CISACyber

    4 Nov 2025

    5216 Impressions

    11 Retweets

    30 Likes

    1 Bookmark

    1 Reply

    1 Quote

  15. CVE-2025-11371 - Gladinet CenterStack LFI vulnerability exploited in the wild https://t.co/pCiFTBbiPv https://t.co/Oeqlfuz7hX

    @kevinpollock

    4 Nov 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2025-11371 - Gladinet CenterStack LFI vulnerability exploited in the wild https://t.co/bRUxbWM0MA https://t.co/wRrTj1UVnj

    @SirajD_Official

    3 Nov 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2025-11371 - Gladinet CenterStack LFI vulnerability exploited in the wild https://t.co/pAFe8A2IXo https://t.co/wNAqq57yoC

    @CloudVirtues

    1 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 TrioFox Product Security Advisory [—] Oct 19, 2025 Analysis of CVE-2025-11371 Local File Inclusion Vulnerability Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence #CyberSecurity #LLM https://t.co/WDs2UFoYGZ

    @transilienceai

    19 Oct 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 Gladinet CentreStack [—] Oct 19, 2025 Product Security Advisory regarding CVE-2025-11371 and associated risks. Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence #CyberSecurity #LLM https://t.co/7QO3fhCmKL

    @transilienceai

    19 Oct 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. ⚠️ CVE-2025-11371 Unpatched Zero-Day in Gladinet CentreStack & Triofox Under Active Attack https://t.co/cQv2eJHfjv A Local File Inclusion (LFI) flaw in Gladinet’s CentreStack and Triofox is being abused in the wild to extract system files and retrieve the machine key.

    @Huntio

    18 Oct 2025

    1735 Impressions

    8 Retweets

    12 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  21. Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September. https://t.co/3ZnlQWg2Lx

    @blackwired32799

    17 Oct 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 CVE-2025-11371 - medium 🚨 Gladinet CentreStack & TrioFox - Local File Inclusion > In the default installation and configuration of Gladinet CentreStack and TrioFox, th... 👾 https://t.co/0tVFYA4TfM @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    17 Oct 2025

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🚨 Gladinet CentreStack Product Security Advisory [—] Oct 17, 2025 Comprehensive security analysis and mitigation guidance for CVE-2025-11371 and related vulnerabilities. Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1... https://t.co/GfDcX0bVlp

    @transilienceai

    17 Oct 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Hackers are exploiting a Gladinet zero-day vulnerability Attackers are actively exploiting a zero-day vulnerability tracked as CVE-2025-11371 affecting the Gladinet CentreStack and Triofox products, which allows attackers

    @linuxmint_hun

    16 Oct 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. #cyberNEWS Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September. https://t.co/THLx9JX1If

    @CyberSysblue

    16 Oct 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Gladinet patched a critical zero-day LFI (CVE-2025-11371) in CentreStack file-sharing software, actively exploited since Sept. Update now! 🚨 https://t.co/RGnAgriVL9 #ZeroDay #Gladinet #CentreStack

    @0xT3chn0m4nc3r

    16 Oct 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Active exploitation of a zero-day vulnerability, CVE-2025-11371 (CVSS 6.1), has been detected in Gladinet CentreStack and TrioFox products, allowing unauthenticated local file inclusion and unintended system file disclosure. https://t.co/D6wFnsKFBI

    @securityRSS

    13 Oct 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. CVE-2025-11371: Linux Security Must Prepare for Cross-Stack Breach #Security #Linux https://t.co/6UF8nMLwZ4

    @gnoppixlinux

    13 Oct 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🚨 Gladinet CentreStack Product Security Advisory [—] Oct 13, 2025 Security advisory regarding a Local File Inclusion vulnerability (CVE-2025-11371) affecting Gladinet CentreStack and Triofox. Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1... https://t.co/

    @transilienceai

    13 Oct 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨 Gladinet CentreStack Product Security Advisory [—] Oct 13, 2025 Security advisory regarding a Local File Inclusion vulnerability (CVE-2025-11371) affecting Gladinet CentreStack and Triofox. Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1... https://t.co/

    @transilienceai

    13 Oct 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Unpatched Zero-Day in Gladinet CenterStack Under Attack Multiple cybersecurity threats, including CVE-2025-11371 in Gladinet CentreStack, SonicWall VPN breaches, and WordPress plugin flaws, pose significant risks. Cybercrime groups like GXC Team and Qilin ransomware target https

    @Secwiserapp

    12 Oct 2025

    96 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack https://t.co/ie6vPMcJjp

    @Dinosn

    12 Oct 2025

    2155 Impressions

    0 Retweets

    6 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  33. #CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack https://t.co/WNCbHYkaGY #securityaffairs #hacking

    @securityaffairs

    11 Oct 2025

    384 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. CVE-2025-11371 https://t.co/9j2vwMNEJT

    @lapinousexy

    11 Oct 2025

    177 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  35. Hackers exploiting zero-day in Gladinet file sharing software Threat actors are exploiting a zero-day vulnerability (CVE-2025-11371) in Gladinet CentreStack and Triofox… https://t.co/vaaM6poSuG https://t.co/YdUmXIKOvV

    @DConsultinguk

    11 Oct 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. IMMEDIATE PATCH: ACTIVELY EXPLOITED Zero-Day in Gladinet/Triofox Allows Full Remote Takeover (CVE-2025-11371) Read the full report on - https://t.co/k0hUOy0nfI https://t.co/CJMf9BySGQ

    @Iambivash007

    10 Oct 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🚨 Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371) I've created a vulnerability detection script here: https://t.co/sOr7tZBjGP As reported by Huntress this is an unauthenticated Local File Inclusion flaw in Gladinet CentreSta

    @rxerium

    10 Oct 2025

    8408 Impressions

    24 Retweets

    135 Likes

    52 Bookmarks

    3 Replies

    0 Quotes

  38. 🚨 We’ve observed in-the-wild exploitation of a flaw (CVE-2025-11371) in Gladinet CentreStack and Triofox. Get the details here: https://t.co/eNNJnQVjjj https://t.co/OeyAtmVsTB

    @HuntressLabs

    9 Oct 2025

    11430 Impressions

    19 Retweets

    50 Likes

    13 Bookmarks

    0 Replies

    1 Quote

  39. CVE-2025-11371 In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclo… https://t.co/LnpNSgZmpj

    @CVEnew

    9 Oct 2025

    137 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations