7.5

CVE-2025-11371

Warning
Exploit

Gladinet CentreStack and TrioFox Local File Inclusion Flaw

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. 

This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
Data provided by the National Vulnerability Database (NVD)
Gladinet Centrestack Version < 16.10.10408.56683
Gladinet Triofox Version <= 16.7.10368.56560

04.11.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability

Description: Gladinet CentreStack and Triofox contain a files or directories accessible to external parties vulnerability that allows unintended disclosure of system files.

Required actions: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 92.09% | 0.998
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://www.centrestack.com/p/gce_latest_release.html (Release Notes)
https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw (Third Party Advisory, Exploit)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371 (US Government Resource)