CVE Alert: CVE-2025-11371 – Gladinet – CentreStack and TrioFox

CVE-2025-11371

Severity: Unknown
Exploitation: active

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and TrioFox: all versions prior to and including 16.7.10368.56560.

CVSS v3.1: not provided
Vendor: Gladinet
Product: CentreStack and TrioFox
Versions: 0 ≤ version ≤ 16.7.10368.56560 (all versions up to and including 16.7.10368.56560)
CWE: Unspecified
Vector: n/a
Published: 2025-10-09T16:50:49.117Z
Updated: 2025-11-04T18:44:22.159Z

AI Summary Analysis

Risk verdict

High risk with active exploitation in the wild; unauthenticated local file inclusion enables disclosure of sensitive system files.

Why this matters

The flaw permits unauthenticated disclosure of sensitive files, potentially exposing credentials and configuration data. In internet-facing or misconfigured deployments, attackers can exfiltrate data and use leaked information to facilitate further intrusion or broader access to the environment.

Most likely attack path

Attackers can reach the vulnerable web interface over the network without authentication. By sending crafted input, they trigger local file inclusion to read restricted files, achieving confidentiality loss with minimal preconditions and no user interaction.

Who is most exposed

Public-facing or poorly segmented on-premises installations of this platform are most at risk, especially where remote file sharing endpoints are exposed directly to the internet.

Detection ideas

  • Web server logs show directory traversal patterns (e.g., ../../) or encoded equivalents targeting file endpoints.
  • Attempts to read sensitive files (e.g., /etc/passwd, application configs) with unusual responses.
  • Sudden spikes in requests from new or uncommon IPs targeting file-read endpoints.
  • IDS/WAF alerts for path traversal or LFI signatures.
  • Correlated bursts of 2xx (success) responses to requests for files the application should never serve.
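The detection ideas above can be turned into a log check. The following is an added example, not code from the original alert or from the vendor: a small Python scanner that parses Combined Log Format lines, percent-decodes request paths repeatedly (so double-encoded traversal is not missed), folds backslashes to slashes, flags dot-dot-slash sequences and sensitive file names, ranks hits that drew a 2xx response higher than those answered with 4xx, and tallies hits per source IP so bursts from one address stand out. The log lines, the `/files/download` endpoint and the watch list of file names are constructed for the example and are not the product's real paths.

```python
"""Scan web-server access logs for path-traversal / LFI indicators.

Constructed example: the log lines below are synthetic Combined Log Format
entries and /files/download is a hypothetical endpoint, not a product path.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# File names whose disclosure is a strong LFI signal (constructed watch list).
SENSITIVE = ("/etc/passwd", "/etc/shadow", "web.config", "win.ini",
             "boot.ini", "appsettings.json")


def normalise(path: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (catches double encoding), then fold
    backslashes to slashes and lower-case so comparisons are uniform."""
    decoded = path
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/").lower()


def traversal_indicators(raw_path: str) -> list[str]:
    """Return the reasons a request path looks like traversal/LFI
    (an empty list means the path looks clean)."""
    reasons = []
    norm = normalise(raw_path)
    if "../" in norm or norm.endswith(".."):
        reasons.append("dot-dot-slash after decoding")
    # If one decoding round is not enough to reach the final form, the
    # client layered encodings, which benign clients almost never do.
    if norm != unquote(raw_path).replace("\\", "/").lower():
        reasons.append("multi-level encoding")
    if any(name in norm for name in SENSITIVE):
        reasons.append("sensitive file name")
    return reasons


def scan_logs(lines):
    """Parse lines, flag suspicious requests, and tally hits per source IP."""
    findings = []
    per_ip = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; skip rather than crash the scan
        reasons = traversal_indicators(m["path"])
        if not reasons:
            continue
        status = int(m["status"])
        # A 2xx on a traversal-looking request is the "success response"
        # the detection list warns about, so rank it above 4xx noise.
        severity = "high" if 200 <= status < 300 else "medium"
        findings.append({"ip": m["ip"], "path": m["path"], "status": status,
                         "severity": severity, "reasons": reasons})
        per_ip[m["ip"]] += 1
    return findings, per_ip


# Constructed sample log: one benign request, then four traversal attempts
# using plain, percent-encoded, double-encoded and backslash forms.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Oct/2025:12:00:01 +0000] "GET /files/download?name=report.pdf HTTP/1.1" 200 5123',
    '203.0.113.5 - - [09/Oct/2025:12:00:02 +0000] "GET /files/download?name=../../../etc/passwd HTTP/1.1" 200 1432',
    '203.0.113.5 - - [09/Oct/2025:12:00:03 +0000] "GET /files/download?name=%2e%2e%2f%2e%2e%2fweb.config HTTP/1.1" 200 2210',
    '203.0.113.5 - - [09/Oct/2025:12:00:04 +0000] "GET /files/download?name=%252e%252e%252f%252e%252e%252fwindows%252fwin.ini HTTP/1.1" 404 0',
    '192.0.2.9 - - [09/Oct/2025:12:00:05 +0000] "GET /files/download?name=..\\..\\boot.ini HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    hits, counts = scan_logs(SAMPLE_LOG)
    for h in hits:
        print(f'{h["severity"]:6} {h["ip"]:13} {h["status"]} {h["path"]}  <- {", ".join(h["reasons"])}')
    for ip, n in counts.most_common():
        print(f"{ip}: {n} suspicious request(s)")
```

Feed it real access logs one line at a time; the per-IP counter is where a threshold (hits per minute) would go to cover the "spikes from new or uncommon IPs" item. Requests answered with 4xx are still reported, at medium severity, because probing that fails today is still a signal worth correlating.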

Mitigation and prioritisation

  • Apply vendor-supplied patch/update as soon as available; monitor for official mitigation guidance.
  • Restrict access to vulnerable interfaces (use VPN, IP allowlists, or network segmentation).
  • Enable and tune WAF rules to detect and block LFI and directory traversal patterns; disable directory listing.
  • Harden input validation and minimise the exposure of file-read endpoints in configuration.
  • Coordinate urgent patching through change-management workflows, and keep continuous monitoring in place for anomalous file-access activity.
