CVE-2025-11371

7.5 HIGH CISA KEV - Actively Exploited

Published: October 09, 2025 Modified: November 05, 2025

Description

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw

Source: 5dacb0b8-2277-4717-899c-254586fe4912

Exploit Third Party Advisory

https://www.centrestack.com/p/gce_latest_release.html

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Release Notes

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

3 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.5 / 10.0

EPSS (Exploit Probability)

63.3%

98th percentile

Exploitation Status

Actively Exploited

Remediation due: 2025-11-25

Weaknesses (CWE)

CWE-552

Affected Vendors

gladinet

Related CVEs

CVE-2025-52691 10.0

CVE-2025-15168 7.3

CVE-2025-15167 7.3

CVE-2025-15166 7.3

CVE-2025-15165 7.3