- Gladinet CentreStack/Triofox have a zero-day vulnerability
- The flaw (CVE-2025-11371) enables remote code execution
- Users should apply mitigation as no patch is available
Secure file sharing and remote access solutions developed by Gladinet are reportedly carrying a zero-day vulnerability that is being abused to remotely execute malicious code (RCE), researchers are saying.
Since the zero-days in Gladinet CentreStack and Triofox are being actively exploited, and there is no patch available yet, users are urged to apply the available mitigation as soon as possible.
Recently, security researchers from Huntress were notified of a successful exploitation of a previously undocumented vulnerability. After reaching out to Gladinet, Huntress learned that the company was already aware of the flaw, and was in touch with a couple of victims in an attempt to minimize the damage.
Three victims so far
The flaw is described as an “unauthenticated local file inclusion vulnerability that allows threat actors to retrieve machine keys from the application Web.config file.” It is now tracked as CVE-2025-11371, and has a severity score of 6.2/10 (medium).
Don’t let the relatively low rating trick you – this is a dangerous flaw which enables RCE. According to Huntress, three companies have so far fallen victim to unnamed attackers, and given there’s no patch yet – that number could rise significantly.
CentreStack is a B2B file sharing solution that lets employees access company files remotely through mapped drives, mobile apps, or browsers, without migrating everything to public cloud services like Dropbox or Google Drive.
Triofox, on the other hand, is a cloud-enablement platform for file servers that provides VPN-less remote access with Active Directory integration, version control, and secure file sharing.
Gladinet allegedly already notified its customers about the flaw and is actively engaged in helping them minimize the risk, so businesses who read their supplier correspondence should be fine.
If you haven’t read your emails yet, you can also check the Huntress blog for details on how to stay safe. We don’t know how many businesses could be at risk but according to Gladinet’s website, it’s at least 1,000.
Via The Register
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You might also like
- Salesforce platforms are being cracked open for data theft – FBI warns of UNC6040 and UNC6395 IOCs
- Take a look at our guide to the best authenticator app
- We’ve rounded up the best password managers
