Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-11371

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560

Published

2025-10-09T17:15:58.507

Last Modified

2025-11-05T14:32:00.610

Status

Analyzed

Source

5dacb0b8-2277-4717-899c-254586fe4912

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-552

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gladinet	centrestack	< 16.10.10408.56683	Yes
Application	gladinet	triofox	≤ 16.7.10368.56560	Yes

References

https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw Exploit, Third Party Advisory (5dacb0b8-2277-4717-899c-254586fe4912)
https://www.centrestack.com/p/gce_latest_release.html Release Notes (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371 US Government Resource (134c704f-9b21-4f2e-91b3-4a467353bcc0)