
CVE-2025-11371: Vulnerability in Gladinet CentreStack and TrioFox

Severity: High
Tags: Vulnerability, CVE-2025-11371
Published: Thu Oct 09 2025 (10/09/2025, 16:50:49 UTC)
Source: CVE Database V5
Vendor/Project: Gladinet
Product: CentreStack and TrioFox

Description

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and TrioFox: all versions prior to and including 16.7.10368.56560.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/26/2026, 22:12:20 UTC

Technical Analysis

CVE-2025-11371 identifies a Local File Inclusion (LFI) vulnerability in Gladinet CentreStack and TrioFox products, specifically in their default installation and configuration. LFI vulnerabilities occur when an application includes files based on user input without proper validation, enabling attackers to read arbitrary files on the server. In this case, the flaw allows unauthenticated remote attackers to access sensitive system files, potentially exposing configuration files, credentials, or other critical data. The vulnerability affects all versions up to and including 16.7.10368.56560. The CVSS v3.1 base score is 7.5, reflecting a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N, A:N). This means an attacker can exploit the vulnerability remotely without authentication or user interaction to gain unauthorized read access to system files. Although no public exploits have been reported yet, the vulnerability's characteristics make it a prime target for attackers seeking to gather sensitive information for further attacks. The CWE-552 classification highlights the risk of unintended information disclosure due to improper file inclusion. The vulnerability was reserved on October 6, 2025, and published on October 9, 2025, indicating recent discovery and disclosure. No official patches are currently linked, suggesting that users must monitor vendor communications closely for updates. The vulnerability's presence in default configurations underscores the importance of secure deployment practices.

Potential Impact

The primary impact of CVE-2025-11371 is the unauthorized disclosure of sensitive system files, which compromises confidentiality. Attackers exploiting this flaw can read configuration files, credentials, or other sensitive data stored on the server, potentially enabling further attacks such as privilege escalation, lateral movement, or data exfiltration. Since the vulnerability does not affect integrity or availability, the immediate risk is data leakage rather than system disruption; however, the exposed information could facilitate more damaging follow-on attacks. Organizations relying on Gladinet CentreStack and TrioFox for file sharing and cloud storage services are at risk of sensitive data exposure, which could lead to regulatory non-compliance, reputational damage, and financial loss. The ease of exploitation, requiring no authentication or user interaction, amplifies the threat and makes automated scanning and exploitation feasible. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for rapid weaponization. Enterprises with default or misconfigured deployments are particularly vulnerable, emphasizing the need for prompt remediation.

Mitigation Recommendations

1. Apply official patches or updates from Gladinet as soon as they become available to address CVE-2025-11371.
2. Until patches are released, restrict network access to CentreStack and TrioFox management interfaces and services to trusted IP addresses only, using firewalls or network segmentation.
3. Disable or restrict any unnecessary file inclusion or file access features in the product configuration to minimize exposure.
4. Implement web application firewalls (WAFs) with rules designed to detect and block LFI attack patterns targeting these products.
5. Conduct regular security audits and configuration reviews to ensure default settings are hardened and unnecessary services are disabled.
6. Monitor logs for unusual file access attempts or suspicious requests indicative of LFI exploitation.
7. Educate system administrators and security teams about this vulnerability and encourage proactive threat hunting for signs of exploitation.
8. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect LFI attempts against these products.
9. If feasible, isolate vulnerable systems from the internet or untrusted networks until remediation is complete.
10. Maintain an incident response plan to quickly address any detected exploitation attempts.


Technical Details

Data Version: 5.1
Assigner Short Name: Huntress
Date Reserved: 2025-10-06T14:00:55.234Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68e7ebf3ba0e608b4fa3cf85

Added to database: 10/9/2025, 5:08:03 PM

Last enriched: 2/26/2026, 10:12:20 PM

Last updated: 3/23/2026, 4:32:01 PM
