CVE-2025-11371
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-09

Last updated on: 2025-11-05

Assigner: Huntress

Description
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.Β  This issue impacts Gladinet CentreStack and Triofox: All versions prior to and includingΒ 16.7.10368.56560
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-09
Last Modified
2025-11-05
Generated
2026-06-16
AI Q&A
2025-10-09
EPSS Evaluated
2026-06-14
NVD
CVE-2025-11371
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
gladinet centrestack to 16.10.10408.56683 (exc)
gladinet triofox to 16.7.10368.56560 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-552 The product makes files or directories accessible to unauthorized actors, even though they should not be.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unauthenticated Local File Inclusion (LFI) flaw in the default installation and configuration of Gladinet CentreStack and TrioFox. It allows attackers to access and disclose system files without needing to authenticate, potentially exposing sensitive information.

Impact Analysis

The vulnerability can lead to unintended disclosure of system files, which may include sensitive or critical information. This can compromise the security of the affected system, potentially leading to further attacks or data breaches.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11371. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart