vulnerability

Gladinet Centrestack: CVE-2025-11371: Storage of File With Sensitive Data Under FTP Root

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:P)

Published

Oct 9, 2025

Added

Oct 13, 2025

Modified

Dec 18, 2025

Description

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.
This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560

Solution

gladinet-centrestack-update-latest

References

CVE-2025-11371
https://attackerkb.com/topics/CVE-2025-11371
https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw
CWE-220

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report