Vulnerability Description
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gladinet | Centrestack | < 16.10.10408.56683 |
| Gladinet | Triofox | <= 16.7.10368.56560 |
Related Weaknesses (CWE)
References
- https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-ExploitThird Party Advisory
- https://www.centrestack.com/p/gce_latest_release.htmlRelease Notes
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-US Government Resource
FAQ
What is CVE-2025-11371?
CVE-2025-11371 is a vulnerability with a CVSS score of 7.5 (HIGH). In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation...
How severe is CVE-2025-11371?
CVE-2025-11371 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-11371?
Check the references section above for vendor advisories and patch information. Affected products include: Gladinet Centrestack, Gladinet Triofox.