
"Security research firm Huntress is warning all users of Gladinet's CentreStack and Triofox file-sharing tools to urgently apply an available mitigation, as a zero-day is being actively exploited and there's no patch available. Tracked as CVE-2025-11371 (severity 6.2), the local file inclusion vulnerability is the second bug that Huntress has found in Gladinet's software this year. The researchers spotted exploit activity on September 27, even on machines that were patched against CVE-2025-30406 (9.8) - the critical remote code execution (RCE) vulnerability the team found in April."
"Huntress said it has seen at least three Gladinet customers attacked using CVE-2025-11371 so far, and the vendor was aware of the issue before it got in touch, having worked directly with customers to develop a mitigation solution. Details about how to apply the temporary workaround can be found through Huntress' blog, or from the emails Gladinet should have sent to customers explaining the same."
Huntress warns users of Gladinet CentreStack and Triofox to apply an available mitigation immediately because CVE-2025-11371, a local file inclusion vulnerability (severity 6.2), is being actively exploited and no patch exists. Exploit activity was observed on September 27, including on machines patched against CVE-2025-30406, a prior critical RCE vulnerability (9.8). Huntress has observed attacks on at least three Gladinet customers, and Gladinet worked with customers to develop a mitigation. Temporary workaround details are available via Huntress' blog or Gladinet customer emails. Successful exploitation could expose the machine key and enable subsequent RCE.
Read at Theregister