PT-2025-41413 · Gladinet · Gladinet Centrestack +1

Bryan Masters +3 · Published 2025-10-09 · Updated 2025-10-12 · CVE-2025-11371

CVSS v3.1: 6.2
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Gladinet CentreStack and TrioFox versions prior to 16.7.10368.56560

Description

An unauthenticated Local File Inclusion flaw exists in Gladinet CentreStack and TrioFox. It allows unintended disclosure of system files without authentication and can potentially lead to Remote Code Execution (RCE). The vulnerability, tracked as CVE-2025-11371, allows an attacker to retrieve the machine key from a configuration file, which can then be used to exploit a known deserialization vulnerability. Threat actors are actively exploiting this vulnerability in the wild, with at least three customers already impacted. The platform is used by thousands of businesses across more than 49 countries.

Recommendations

For all versions prior to 16.7.10368.56560, implement the mitigation steps provided by Huntress, which involve removing specific lines of code to disable the exploitable functionality. Be aware that these adjustments may impact some platform features.

Fix

RCE

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2025-11371

Affected Products

Gladinet Centrestack
Triofox