CVE-2025-11371

ENISA EUVD: EUVD-2025-33408 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 4 articles Published: 2025-10-09

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

67.65%

probability

This CVE has a 67.65% probability of being exploited in the next 30 days.

0% Top 98.6th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.5

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

VulnerabilityLookup (CNA)

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560

Affected Products

Gladinet

CentreStack and TrioFox

Attack Intelligence

CWE-284 · Improper Access Control CWE-285 · Improper Authorization CWE-552 · Files or Directories Accessible to External Parties CWE-664 · Improper Control of a Resource Through its Lifetime CWE-668 · Exposure of Resource to Wrong Sphere

https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw

Signal Intelligence

Confidenceⓘ

85%

EPSS 67.65%

CVSS v3.1 7.5

Mentions 4

Last Seen Dec 11, 2025

CNA Information

CNA Assigner

Huntress

CNA Title

Gladinet CentreStack and TrioFox Local File Inclusion Flaw

Analyst Note

CVE-2025-11371 shows clear zero-day indicators: published 2025-10-09, official description explicitly states 'exploitation of this vulnerability has been observed in the wild,' and article [1] confirms active attacks against real organizations (9 affected). The vulnerability is in default configurations of widely-deployed products with a HIGH CVSS score. CISA KEV addition (mentioned in article [3]) further corroborates active exploitation. Timeline is consistent with zero-day (2025 CVE with concurrent wild exploitation reports).