vulnerability

Gladinet Triofox: CVE-2025-11371: Storage of File With Sensitive Data Under FTP Root

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:C/I:N/A:P)	Oct 9, 2025	Oct 13, 2025	Oct 13, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:P)

Published

Oct 9, 2025

Added

Oct 13, 2025

Modified

Oct 13, 2025

Description

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.
This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560

Solution

gladinet-triofox-upgrade-latest

References

CVE-2025-11371
https://attackerkb.com/topics/CVE-2025-11371
URL-https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw
CWE-220

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today