PT-2025-41413 · Gladinet · Gladinet CentreStack +1

Bryan Masters +3 · Published 2025-10-09 · Updated 2025-11-27 · CVE-2025-11371

CVSS v3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Gladinet CentreStack and Triofox versions prior to 16.7.10368.56560
Gladinet CentreStack and Triofox versions prior to 16.10.10408.56683

Description

Gladinet CentreStack and Triofox are affected by an unauthenticated Local File Inclusion flaw. This allows unintended disclosure of system files and, in some cases, can lead to remote code execution. Exploitation of this issue has been observed in the wild, with at least three customers reportedly impacted. The vulnerability allows attackers to access sensitive system files without authentication by retrieving the machine key from configuration files, potentially leading to further exploitation through a known deserialization vulnerability. The issue impacts the default installation and configuration of the software.

Recommendations

For versions prior to 16.7.10368.56560, implement the mitigations recommended by Huntress, which include removing specific lines of code to disable the exploitable functionality. For versions prior to 16.10.10408.56683, update to this version or later to address the vulnerability.

Exploit

Fix

RCE

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

BDU:2025-13643
CVE-2025-11371

Affected Products

Gladinet CentreStack
Triofox