← Retour aux CVEs
CVE-2025-11371
HIGHCISA KEV7.5
Description
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
Details CVE
Score CVSS v3.17.5
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie10/9/2025
Derniere modification11/5/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurGladinet
ProduitCentreStack and Triofox
Nom vulnerabiliteGladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability
Date ajout KEV2025-11-04
Date limite remediation2025-11-25
Utilise dans ransomwareUnknown
Produits affectes
gladinet:centrestackgladinet:triofox
Faiblesses (CWE)
CWE-552
References
https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw(5dacb0b8-2277-4717-899c-254586fe4912)
https://www.centrestack.com/p/gce_latest_release.html(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.