CVE-2025-11371
Analyzed
Published: 09 Oct 2025, 17:15
Last modified: 05 Nov 2025, 14:32
Vulnerability Summary
Overall Risk: High Risk, 68/100
AI Analysis: Emergency, Requires Immediate Action
AI Detection: Active in Wild, Exploitation Detected
CVSS Score: 6.1 MEDIUM, CVSS v3.1 (134C704F-9B21-4F2E-91B3-4A467353BCC0)
EPSS Score: 10.52% CRITICAL, 11% probability, 0.00%
CISA KEV: Listed, Gladinet
Ransomware: Known Use
Exploits: None found
Dark Web: Activity detected, Telegram
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.
This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
Source Identifier: 5dacb0b8-2277-4717-899c-254586fe4912
| CVSS | Source | Severity | Exploit. | Impact | Vector |
|---|---|---|---|---|---|
| v4.0 | n/a | | | | |
| v3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.1 MEDIUM | 1.8 | 4.2 | CVSS:3.1/AV:L/AC:L/PR:L/U... |
| v3.0 | n/a | | | | |
| v2.0 | n/a | | | | |
70.26%
Current Score
0.00%
99%ile
Percentile Rank
0.00%
Storage of File With Sensitive Data Under FTP Root CWE-220
Description: The product stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.
Files or Directories Accessible to External Parties CWE-552
Description: The product makes files or directories accessible to unauthorized actors, even though they should not be.
Vulnerability Name: Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability
Added to CISA Catalog: 04 Nov 2025, 00:00
Action Due: 25 Nov 2025, 00:00
Known Ransomware: Ransomware
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Telegram Activity Detected
This vulnerability has been mentioned in monitored Telegram channels, indicating potential threat actor interest.
No known public exploit code indexed (as of 05 Nov 2025, 14:32).
Exploitation status can change quickly once PoC code appears.
Affected Configurations (CPE)
gladinet centrestack: Vulnerable
Version: *
cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*
gladinet triofox: Vulnerable
Version: *
cpe:2.3:a:gladinet:triofox:*:*:*:*:*:*:*:*
| URL | Tags | Source |
|---|---|---|
| https://www.centrestack.com/p/gce_latest_release.html | - | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| https://www.centrestack.com/p/gce_latest_release.html | release notes | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371 | - | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371 | us government resource | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw | - | 5dacb0b8-2277-4717-899c-254586fe4912 |
| https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw | exploit, third party advisory | 5dacb0b8-2277-4717-899c-254586fe4912 |