CVE-2025-11371

7.5 HIGH CISA KEV

📋 TL;DR

An unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and Triofox allows attackers to read sensitive system files without credentials. This affects all versions up to and including 16.7.10368.56560. Active exploitation has been observed in the wild.

💻 Affected Systems

Products:
  • Gladinet CentreStack
  • Triofox
Versions: All versions prior to and including 16.7.10368.56560
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Default installation is vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through reading sensitive configuration files, credentials, or SSH keys, leading to lateral movement and data exfiltration.

🟠 Likely Case: Unauthorized disclosure of sensitive system files, configuration data, and potentially credential harvesting.

🟢 If Mitigated: Limited impact with proper network segmentation and file system permissions restricting access to critical files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation observed in the wild. Simple HTTP requests can trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 16.7.10368.56560

Vendor Advisory: https://www.centrestack.com/p/gce_latest_release.html

Restart Required: Yes

Instructions:

1. Download the latest version from the vendor site.
2. Back up the configuration.
3. Install the update.
4. Restart the service.
5. Verify the version.

🔧 Temporary Workarounds

Network Access Control (Scope: all)

Restrict access to vulnerable endpoints using firewall rules or WAF.

Authentication Enforcement (Scope: all)

Require authentication for all file access endpoints if supported.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy WAF with LFI protection rules and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Test if unauthenticated file inclusion is possible via HTTP requests to vulnerable endpoints.

Check Version:

Check the application version in the admin interface or configuration files.

Verify Fix Applied:

Verify version is above 16.7.10368.56560 and test that file inclusion attempts fail.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file path patterns in HTTP logs
  • Multiple failed file inclusion attempts
  • Access to sensitive system file paths

Network Indicators:

  • HTTP requests with directory traversal patterns
  • Requests for known sensitive files

SIEM Query:

source="web_logs" AND (uri="*../*" OR uri="*..\\*" OR uri="*/etc/passwd*" OR uri="*/windows/win.ini*")
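The following detector applies the same indicators as the SIEM query above to raw web-server log lines. It is added here as an illustration and is not part of this advisory or of any vendor tooling. The log lines are constructed samples; the endpoint path `/app/getfile` and the `path` query parameter are placeholders, not the product's actual endpoint. Unlike the literal wildcard query, it percent-decodes the URI and folds backslashes to forward slashes before matching, so encoded traversal sequences such as `%2e%2e%2f` or `..%5c` are not missed.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format. The endpoint and
# parameter names are placeholders (assumption), not the real product paths.
SAMPLE_LOGS = """\
203.0.113.10 - - [06/Oct/2025:10:00:01 +0000] "GET /portal/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [06/Oct/2025:10:00:02 +0000] "GET /app/getfile?path=../../windows/win.ini HTTP/1.1" 200 403 "-" "curl/8.4.0"
203.0.113.12 - - [06/Oct/2025:10:00:03 +0000] "GET /app/getfile?path=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843 "-" "python-requests/2.31"
203.0.113.13 - - [06/Oct/2025:10:00:04 +0000] "GET /app/getfile?path=..%5c..%5creadme.txt HTTP/1.1" 200 2211 "-" "-"
203.0.113.14 - - [06/Oct/2025:10:00:05 +0000] "GET /api/files?path=reports/q3.pdf HTTP/1.1" 200 99213 "-" "Mozilla/5.0"
"""

# Combined log format: client, identd, user, [timestamp], "METHOD URI PROTO", status ...
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

# The indicators from the SIEM query on this page, as substring checks on
# the decoded, normalized URI. "..\" is covered by folding "\" to "/".
INDICATORS = {
    "traversal_sequence": "../",
    "etc_passwd": "/etc/passwd",
    "win_ini": "/windows/win.ini",
}


def normalize_uri(uri: str) -> str:
    """Percent-decode twice (catches double encoding), lower-case, fold backslashes."""
    decoded = unquote(unquote(uri))
    return decoded.lower().replace("\\", "/")


def scan_line(line: str):
    """Return a finding dict if the line matches an LFI indicator, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    norm = normalize_uri(m.group("uri"))
    hits = [name for name, needle in INDICATORS.items() if needle in norm]
    if not hits:
        return None
    status = int(m.group("status"))
    return {
        "client": m.group("client"),
        "ts": m.group("ts"),
        "uri": m.group("uri"),
        "status": status,
        "indicators": hits,
        # A non-error response to a traversal request is the higher-priority signal.
        "succeeded": status < 400,
    }


def scan_logs(text: str):
    """Scan a block of log text and return all findings in order."""
    return [r for r in (scan_line(l) for l in text.splitlines()) if r]


if __name__ == "__main__":
    for finding in scan_logs(SAMPLE_LOGS):
        print(finding)
```

Findings with `succeeded` set should be triaged first: a 2xx on a request carrying a traversal sequence indicates the server served something, whereas a 4xx run from the same client is still worth alerting on as an attempt.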
