Security research firm Huntress is warning all users of Gladinet's CentreStack and Triofox file-sharing tools to urgently apply a mitigation, as a zero-day is being actively exploited and no patch is available.
Tracked as CVE-2025-11371 (severity 6.2), the local file inclusion vulnerability is the second bug that Huntress has found in Gladinet's software this year.
The researchers spotted exploit activity on September 27, even on machines that were patched against CVE-2025-30406 (9.8) – the critical remote code execution (RCE) vulnerability the team found in April.
Huntress said it has seen at least three Gladinet customers attacked using CVE-2025-11371 so far, and that the vendor was aware of the issue before Huntress got in touch, having worked directly with customers to develop