CVE-2025-11371: Vulnerability in Gladinet CentreStack and TrioFox
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: all versions prior to and including 16.7.10368.56560.
AI Analysis
Technical Summary
CVE-2025-11371 is a Local File Inclusion (LFI) vulnerability found in Gladinet CentreStack and TrioFox products, affecting all versions up to and including 16.7.10368.56560. The vulnerability arises from improper input validation in the default installation and configuration, allowing unauthenticated remote attackers to include and read arbitrary system files. This can lead to unintended disclosure of sensitive information such as configuration files, credentials, or other critical data stored on the server. The flaw does not require any authentication or user interaction, making it highly accessible to attackers. The vulnerability is categorized under CWE-552 (Files or Directories Accessible to External Parties). Exploitation has been observed in the wild, and the vulnerability's nature and ease of exploitation make it a significant threat. The CVSS v3.1 base score is 7.5, reflecting high confidentiality impact, network attack vector, low attack complexity, and no privileges or user interaction required. The vulnerability affects the confidentiality of data but does not impact integrity or availability. The lack of patches at the time of disclosure increases the urgency for mitigation. Organizations using these products should monitor vendor communications for updates and apply patches promptly once available.
Potential Impact
For European organizations, exploitation of CVE-2025-11371 could lead to unauthorized disclosure of sensitive system files, potentially exposing confidential business data, user credentials, or internal configurations. This breach of confidentiality can result in regulatory non-compliance, especially under GDPR, leading to legal and financial penalties. Organizations in finance, healthcare, government, and critical infrastructure sectors are particularly vulnerable due to the sensitivity of their data. Additionally, disclosed information could be leveraged for further attacks such as privilege escalation or lateral movement within networks. The unauthenticated nature of the vulnerability increases the risk of widespread exploitation, especially in environments where CentreStack and TrioFox are exposed to the internet or insufficiently segmented networks. The impact on business continuity is indirect but significant due to potential data breaches and loss of trust.
Mitigation Recommendations
1. Immediately restrict external network access to Gladinet CentreStack and TrioFox services using firewalls or network segmentation to limit exposure.
2. Monitor vendor channels closely for official patches or updates addressing CVE-2025-11371 and apply them promptly upon release.
3. Implement Web Application Firewalls (WAFs) with rules designed to detect and block Local File Inclusion attempts targeting these products.
4. Conduct thorough input validation and sanitization on any user-supplied parameters if custom integrations or configurations exist.
5. Audit existing deployments for exposure to the internet or untrusted networks and remediate by isolating or hardening affected systems.
6. Review and limit file system permissions to reduce the amount of sensitive data accessible to the application.
7. Employ continuous monitoring and logging to detect suspicious access patterns or attempts to exploit LFI vulnerabilities.
8. Educate IT and security teams about the vulnerability specifics to ensure rapid response and containment.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Huntress
- Date Reserved: 2025-10-06T14:00:55.234Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68e7ebf3ba0e608b4fa3cf85
Added to database: 10/9/2025, 5:08:03 PM
Last enriched: 11/10/2025, 7:01:21 PM
Last updated: 11/23/2025, 3:13:56 PM