SecuriTricks - CVE-2025-11371

Description

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560

Product(s) Impacted

Vendor	Product	Versions
Gladinet	Centrestack Triofox	<16.7.10368.56560 <16.7.10368.56560

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-220

Storage of File With Sensitive Data Under FTP Root

The product stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.

CWE-552

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	gladinet	centrestack	<16.7.10368.56560	/	/	/	/	/	/	/
a	gladinet	triofox	<16.7.10368.56560	/	/	/	/	/	/	/

References

https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw

CVSS Score

6.2 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

View Vector String

Timeline

Published: Oct. 9, 2025, 5:15 p.m.
Last Modified: Oct. 10, 2025, 2:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

5dacb0b8-2277-4717-899c-254586fe4912

CVE-2025-11371