CVE-2025-11371
HIGH
7,5
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Description
AI Translation Available
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.
This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0001
Percentile
0,0th
Updated
EPSS Score Trend (Last 61 Days)
552
Files or Directories Accessible to External Parties
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Potential Impacts:
Read Files Or Directories
Modify Files Or Directories
Applicable Platforms
Technologies:
Not Technology-Specific, Cloud Computing
Application
Triofox by Gladinet
Version Range Affected
To
16.7.10368.56560
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:gladinet:triofox:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Centrestack by Gladinet
Version Range Affected
To
16.10.10408.56683
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.centrestack.com/p/gce_latest_release.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025…
https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion…