CVE-2025-11371 is a Local File Inclusion (LFI) vulnerability found in Gladinet CentreStack and TrioFox, two file sharing and collaboration platforms widely used in enterprise environments. The vulnerability exists in the default installation and configuration of these products, allowing unauthenticated attackers to exploit the flaw to read arbitrary system files. This occurs because the applications improperly handle file path inputs, enabling attackers to traverse directories and include files outside the intended scope. The flaw affects all versions up to and including 16.7.10368.56560. Although no CVSS score has been assigned, the vulnerability is critical due to the lack of authentication required and the potential to disclose sensitive system files such as configuration files, credentials, or logs. Exploitation in the wild has been observed, confirming active attempts to leverage this vulnerability for information gathering or further attacks. The absence of patches at the time of publication increases the urgency for organizations to implement interim mitigations. The vulnerability's exploitation could serve as a foothold for attackers to escalate privileges or move laterally within networks. Given the nature of CentreStack and TrioFox as collaboration tools, the exposure of sensitive files could lead to significant confidentiality breaches and operational disruptions.

For European organizations, the impact of CVE-2025-11371 can be substantial. The unauthorized disclosure of system files can lead to leakage of sensitive corporate data, including credentials, configuration details, and intellectual property. This exposure increases the risk of subsequent attacks such as privilege escalation, ransomware deployment, or espionage. Organizations relying on Gladinet CentreStack and TrioFox for secure file sharing and collaboration may face operational disruptions and reputational damage if attackers exploit this vulnerability. The breach of confidentiality could also lead to violations of GDPR and other data protection regulations, resulting in legal and financial penalties. Additionally, critical infrastructure and government agencies using these products could be targeted for espionage or sabotage. The ease of exploitation without authentication means that attackers can operate remotely and anonymously, increasing the threat landscape. Overall, the vulnerability undermines trust in file sharing platforms and necessitates urgent remediation to protect European digital assets.

1. Immediately audit all instances of Gladinet CentreStack and TrioFox to identify affected versions and configurations. 2. Restrict network access to these services using firewalls and network segmentation to limit exposure to trusted users only. 3. Implement strict access controls and monitor logs for unusual file access patterns indicative of exploitation attempts. 4. Disable or restrict features that allow file path manipulation if configurable. 5. Apply vendor patches promptly once released; engage with Gladinet support for timelines and interim fixes. 6. Use Web Application Firewalls (WAFs) with custom rules to detect and block LFI attack patterns targeting these products. 7. Conduct regular vulnerability scanning and penetration testing focused on file inclusion and path traversal issues. 8. Educate IT and security teams about this vulnerability to ensure rapid detection and response. 9. Consider alternative secure file sharing solutions if patching is delayed or not feasible. 10. Maintain backups and incident response plans to mitigate potential data loss or compromise.