CVE-2025-11371

high-risk

Published 2025-10-09

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560

Do I need to act?

67.6% chance of exploitation in next 30 days

EPSS score — higher than 32% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (2)

Centrestack

Triofox

Affected Vendors

Gladinet

References (3)

Exploit https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-...

Release Notes https://www.centrestack.com/p/gce_latest_release.html

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...

/ 100

high-risk

Severity 26/34 · High

Exploitability 26/34 · High

Exposure 7/34 · Low