
Gladinet CentreStack and TrioFox: Local File Disclosure Vulnerability

CVE advisory | Known Exploit

CVE-2025-11371

Certain Gladinet CentreStack and TrioFox installations have a flaw allowing unauthorized system file disclosure. Exploitation has been observed, posing a risk to data confidentiality for affected organizations.

Halo Surface Signal: 5

Affected products and versions

Gladinet CentreStack: before 16.10.10408.56683
Gladinet TrioFox: 16.7.10368.56560 and earlier

External exposure likelihood

Halo Surface Signal score for CVE-2025-11371

Gladinet CentreStack and TrioFox are enterprise file sharing and cloud storage platforms that are designed to be exposed to the internet for remote access, file synchronization, and external collaboration. Their web interfaces are therefore a public-facing service by design.

Horizon Alert

Summary of the vulnerability and why it matters

Certain installations of Gladinet CentreStack and TrioFox are susceptible to a vulnerability that could lead to the unauthorized exposure of system files. This flaw allows attackers to access sensitive information without requiring any authentication. Exploitation of this vulnerability has been observed.

  • Gladinet CentreStack and TrioFox software
  • Unauthenticated access to system files
  • Unintended disclosure of sensitive data

Attack Path

How an attacker could exploit the issue

This vulnerability allows an attacker to access sensitive system files on the affected organizations' servers. Exploitation has been observed in real-world attacks, posing a risk to data confidentiality. The unauthenticated nature of the flaw means attackers do not need prior access to the system.

  • Unauthenticated access to the system.
  • Attacker triggers file disclosure.
  • Unintended disclosure of system files.

Live Threat

Current exploitation, exposure, and threat context

The vulnerability presents a significant risk because it requires no authentication and results in the unintended disclosure of system files. Exploitation in the wild has been documented, indicating that malicious actors are actively targeting this weakness. The low effort required to exploit it and the potential for sensitive data exposure call for prompt action to reduce business risk.

  • Attackers need no special skills.
  • No access or conditions required.
  • High business risk and urgency.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

An unauthenticated Local File Inclusion vulnerability has been identified in Gladinet CentreStack and TrioFox, allowing for unintended disclosure of system files. Exploitation of this flaw has been observed in the wild, posing a risk to affected organizations. The vulnerability impacts all versions prior to and including 16.7.10368.56560 for TrioFox and all versions prior to 16.10.10408.56683 for CentreStack.

  • Find affected assets.
  • Reduce exposure or isolate risk.
  • Fix, verify, and monitor.
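The first step above, finding affected assets, depends on getting the version comparison right: the page gives an exclusive bound for CentreStack (before 16.10.10408.56683) and an inclusive one for TrioFox (16.7.10368.56560 and earlier), and a naive string compare would misorder "16.7" and "16.10". The script below is an added example, not vendor or advisory code; the hostnames and builds in its sample inventory are constructed for illustration.

```python
"""Check whether a Gladinet CentreStack / TrioFox build falls in the affected
range for CVE-2025-11371, using the version bounds stated in this advisory.
Added example, not vendor code; the inventory entries are constructed."""
from typing import List, Tuple

# Bounds as stated on the page. Note the asymmetry: CentreStack is affected
# strictly before the fixed build, TrioFox up to and including the listed one.
CENTRESTACK_FIXED = "16.10.10408.56683"      # affected if version <  this
TRIOFOX_LAST_AFFECTED = "16.7.10368.56560"   # affected if version <= this


def parse_version(text: str) -> Tuple[int, ...]:
    """Split a dotted build string into ints for ordered comparison.

    Plain string comparison gets this wrong ("16.7" > "16.10"), so each
    component is compared numerically.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(product: str, version: str) -> bool:
    """Return True if the product/version pair is in the affected range."""
    v = parse_version(version)
    key = product.strip().lower()
    if key == "centrestack":
        return v < parse_version(CENTRESTACK_FIXED)
    if key == "triofox":
        return v <= parse_version(TRIOFOX_LAST_AFFECTED)
    raise ValueError(f"unknown product: {product!r}")


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (host, product, version) entries that still need the fix."""
    return [entry for entry in inventory if is_affected(entry[1], entry[2])]


# Constructed sample inventory; hostnames and builds are illustrative only.
SAMPLE_INVENTORY = [
    ("fs-01.example.internal", "CentreStack", "16.10.10408.56683"),  # fixed build
    ("fs-02.example.internal", "CentreStack", "16.9.10300.56000"),   # affected
    ("fs-03.example.internal", "TrioFox", "16.7.10368.56560"),       # affected
    ("fs-04.example.internal", "TrioFox", "16.8.10400.56700"),       # above range
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is in the affected range")
```

Feed it the product and build string from each server's inventory record; entries it returns are the ones to isolate or patch first.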

Frequently asked questions

What is Gladinet CentreStack and TrioFox?

Gladinet CentreStack and TrioFox are software platforms used for enterprise file sharing and cloud storage. They enable features like remote access, file synchronization, and external collaboration, allowing users to manage and share files across different devices and with external parties.

How does the CVE-2025-11371 vulnerability work?

This vulnerability is classified as a Local File Inclusion flaw (CWE-552). It allows an unauthenticated attacker to trick the software into revealing unintended system files, which could contain sensitive information.

What are the attacker's preconditions to exploit CVE-2025-11371?

An attacker does not need any special skills, prior access, or specific conditions to exploit this flaw. The vulnerability is triggered by the attacker's actions, leading to the unintended disclosure of system files.

Who should be concerned about this Gladinet CentreStack and TrioFox vulnerability?

Organizations using Gladinet CentreStack or TrioFox should be concerned. Since these platforms are designed for internet-facing access to enable remote collaboration, this vulnerability presents a risk to sensitive data accessible via the internet.

What are the first steps to address CVE-2025-11371?

The initial steps involve identifying all instances of the affected software. You should then consider reducing the system's exposure or isolating the risk, followed by applying any available fixes or patches provided by the vendor, and verifying the solution.
