CVE-2025-11371

Published Oct 9, 2025

Last updated 8 days ago

CVSS medium 6.2
Gladinet CentreStack

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-11371 is an unauthenticated local file inclusion vulnerability found in Gladinet CentreStack and TrioFox. It exists in the default installation and configuration of these applications. The vulnerability allows attackers to read sensitive system files without authentication. Exploitation of this vulnerability has been observed in the wild. The vulnerability impacts all versions of Gladinet CentreStack and TrioFox up to and including 16.7.10368.56560. By exploiting this flaw, a threat actor can retrieve the machine key from the application's Web.config file. This key can then be used to perform remote code execution via a ViewState deserialization vulnerability.

Description
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560.

Source: 5dacb0b8-2277-4717-899c-254586fe4912
NVD status: Awaiting Analysis

Insights

Analysis from the Intruder Security Team
Published Oct 13, 2025 Updated Oct 13, 2025

Note that the public CVSS score for this vulnerability is too low - it has been scored as if it was a local vulnerability, when it can be exploited remotely.

This vulnerability is essentially a remote code execution vulnerability, as an attacker can use the LFI to obtain the Machine Key for the installation and then leverage this in the same way as a previous vulnerability discovered earlier in the year.

Attackers have knowledge of how to exploit this and there is no patch currently available. If you have an exposed instance, you must apply the mitigation discussed by Huntress in their post and consider that the server may be compromised.

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.2
Impact score: 3.6
Exploitability score: 2.5
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-552

Social media

Hype score
Not currently trending
  1. 🚨 TrioFox Product Security Advisory [—] Oct 19, 2025 Analysis of CVE-2025-11371 Local File Inclusion Vulnerability Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence #CyberSecurity #LLM https://t.co/WDs2UFoYGZ

    @transilienceai

    19 Oct 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 Gladinet CentreStack [—] Oct 19, 2025 Product Security Advisory regarding CVE-2025-11371 and associated risks. Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence #CyberSecurity #LLM https://t.co/7QO3fhCmKL

    @transilienceai

    19 Oct 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ⚠️ CVE-2025-11371 Unpatched Zero-Day in Gladinet CentreStack & Triofox Under Active Attack https://t.co/cQv2eJHfjv A Local File Inclusion (LFI) flaw in Gladinet’s CentreStack and Triofox is being abused in the wild to extract system files and retrieve the machine key.

    @Huntio

    18 Oct 2025

    1735 Impressions

    8 Retweets

    12 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  4. Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September. https://t.co/3ZnlQWg2Lx

    @blackwired32799

    17 Oct 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE-2025-11371 - medium 🚨 Gladinet CentreStack & TrioFox - Local File Inclusion > In the default installation and configuration of Gladinet CentreStack and TrioFox, th... 👾 https://t.co/0tVFYA4TfM @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    17 Oct 2025

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Gladinet CentreStack Product Security Advisory [—] Oct 17, 2025 Comprehensive security analysis and mitigation guidance for CVE-2025-11371 and related vulnerabilities. Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1... https://t.co/GfDcX0bVlp

    @transilienceai

    17 Oct 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Hackers are exploiting Gladinet's zero-day vulnerability Attackers are actively exploiting the zero-day vulnerability tracked as CVE-2025-11371 affecting the Gladinet CentreStack and Triofox products, which allows attackers

    @linuxmint_hun

    16 Oct 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. #cyberNEWS Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September. https://t.co/THLx9JX1If

    @CyberSysblue

    16 Oct 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Gladinet patched a critical zero-day LFI (CVE-2025-11371) in CentreStack file-sharing software, actively exploited since Sept. Update now! 🚨 https://t.co/RGnAgriVL9 #ZeroDay #Gladinet #CentreStack

    @0xT3chn0m4nc3r

    16 Oct 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Active exploitation of a zero-day vulnerability, CVE-2025-11371 (CVSS 6.1), has been detected in Gladinet CentreStack and TrioFox products, allowing unauthenticated local file inclusion and unintended system file disclosure. https://t.co/D6wFnsKFBI

    @securityRSS

    13 Oct 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-11371: Linux Security Must Prepare for Cross-Stack Breach #Security #Linux https://t.co/6UF8nMLwZ4

    @gnoppixlinux

    13 Oct 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 Gladinet CentreStack Product Security Advisory [—] Oct 13, 2025 Security advisory regarding a Local File Inclusion vulnerability (CVE-2025-11371) affecting Gladinet CentreStack and Triofox. Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1... https://t.co/

    @transilienceai

    13 Oct 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Unpatched Zero-Day in Gladinet CenterStack Under Attack Multiple cybersecurity threats, including CVE-2025-11371 in Gladinet CentreStack, SonicWall VPN breaches, and WordPress plugin flaws, pose significant risks. Cybercrime groups like GXC Team and Qilin ransomware target https

    @Secwiserapp

    12 Oct 2025

    96 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack https://t.co/ie6vPMcJjp

    @Dinosn

    12 Oct 2025

    2155 Impressions

    0 Retweets

    6 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  16. #CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack https://t.co/WNCbHYkaGY #securityaffairs #hacking

    @securityaffairs

    11 Oct 2025

    384 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2025-11371 https://t.co/9j2vwMNEJT

    @lapinousexy

    11 Oct 2025

    177 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  18. Hackers exploiting zero-day in Gladinet file sharing software Threat actors are exploiting a zero-day vulnerability (CVE-2025-11371) in Gladinet CentreStack and Triofox… https://t.co/vaaM6poSuG https://t.co/YdUmXIKOvV

    @DConsultinguk

    11 Oct 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. IMMEDIATE PATCH: ACTIVELY EXPLOITED Zero-Day in Gladinet/Triofox Allows Full Remote Takeover (CVE-2025-11371) Read the full report on - https://t.co/k0hUOy0nfI https://t.co/CJMf9BySGQ

    @Iambivash007

    10 Oct 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🚨 Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371) I've created a vulnerability detection script here: https://t.co/sOr7tZBjGP As reported by Huntress this is an unauthenticated Local File Inclusion flaw in Gladinet CentreSta

    @rxerium

    10 Oct 2025

    8408 Impressions

    24 Retweets

    135 Likes

    52 Bookmarks

    3 Replies

    0 Quotes

  21. 🚨 We’ve observed in-the-wild exploitation of a flaw (CVE-2025-11371) in Gladinet CentreStack and Triofox. Get the details here: https://t.co/eNNJnQVjjj https://t.co/OeyAtmVsTB

    @HuntressLabs

    9 Oct 2025

    11430 Impressions

    19 Retweets

    50 Likes

    13 Bookmarks

    0 Replies

    1 Quote

  22. CVE-2025-11371 In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclo… https://t.co/LnpNSgZmpj

    @CVEnew

    9 Oct 2025

    137 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes