CVE-2025-11371

HIGH 7.5

⚠️ CISA KEV

Gladinet CentreStack and TrioFox Local File Inclusion Flaw

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560

Vendor	gladinet
Product	centrestack and triofox
Published	Oct 9, 2025
Last Updated	Feb 26, 2026

⚠️ Actively Exploited — Act Now

Get instant alerts for gladinet centrestack and triofox

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2025-11371.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Gladinet / CentreStack and TrioFox

0 ≤ 16.7.10368.56560

References

NVD ↗ CVE.org ↗ EPSS Data ↗

huntress.com: https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371 centrestack.com: https://www.centrestack.com/p/gce_latest_release.html

Credits

Bryan Masters James Maclachlan Jai Minton