← Volver a CVEs
CVE-2025-11371
HIGHCISA KEV7.5
Descripcion
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado10/9/2025
Ultima modificacion11/5/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorGladinet
ProductoCentreStack and Triofox
Nombre vulnerabilidadGladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability
Fecha inclusion KEV2025-11-04
Fecha limite remediacion2025-11-25
Uso en ransomwareUnknown
Productos afectados
gladinet:centrestackgladinet:triofox
Debilidades (CWE)
CWE-552
Referencias
https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw(5dacb0b8-2277-4717-899c-254586fe4912)
https://www.centrestack.com/p/gce_latest_release.html(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.