Gladinet CentreStack and TrioFox Local File Inclusion Flaw_CVE-2025-11371

6.1 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Description

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.

This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560

Basic Information

ID CVE-2025-11371

Source Huntress

Published Oct 9, 2025 at 16:50

Modified Oct 9, 2025 at 19:16

Affected Product

Vendor Gladinet

Product CentreStack and TrioFox

Affected Versions Gladinet CentreStack and TrioFox 0

CWE Classification

CWE-220

References

www.huntress.com /blog/gladinet-centrestack-triofox-local-file-inclusion-flaw

{
    "lastseen": "",
    "description": "In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.\u00a0\n\nThis issue impacts Gladinet CentreStack and Triofox: All versions prior to and including\u00a016.7.10368.56560",
    "published": "2025-10-09T16:50:49.117Z",
    "modified": "2025-10-09T19:16:23.772Z",
    "type": "cve",
    "title": "Gladinet CentreStack and TrioFox Local File Inclusion Flaw",
    "source": "Huntress",
    "references": "https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw",
    "id": "CVE-2025-11371",
    "bulletinFamily": "",
    "cwe": [
        "CWE-220"
    ],
    "cvelist": null,
    "sourceData": "Gladinet CentreStack and TrioFox 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CentreStack and TrioFox",
    "version": "0",
    "vendor": "Gladinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}