- Gladinet Centrestack/Triofox has a zero-day vulnerability
- The error (CVE-2025-11371) enables the execution of remote code
- Users must apply mitigation as there is no patch that is available
Gladinet CenterStack and Triofox, secure file sharing and remote access solutions developed by Gladinet, carrying a zero-day vulnerability that is abused to perform malicious code (RCE), researchers say. Since zero-day is actively utilized and no available patch is yet available, users are encouraged to use the available mitigation as soon as possible.
CenterStack is a B2B file sharing solution that lets employees access to corporate files externally through mapped drive, mobile apps or browsers, without migrating everything to public cloud services such as Dropbox or Google Drive. Triofox, on the other hand, is a cloud activity platform for file servers that provides VPN-less remote with Active Directory integration, version control and secure file sharing.
Recently, Huntress security researchers were informed of a successful exploitation of a previously undocumented vulnerability. After reaching Gladinet, Huntress taught that the company was already aware of the error and was in contact with a few victims in an attempt to minimize the injury.
Three victims so far
The error is described as an “unauthorized local file -lying vulnerability that allows threat actors to retrieve machine keys from the application web.config file.” It is now traced as CVE-2025-11371 and has a severity of 6.2/10 (medium).
Don’t let the relatively low rating trick you – this is a dangerous error that enables RCE. According to Huntress, three companies have so far fallen victim to unnamed attackers, and given that there is no patch yet – this number can increase significantly.
Gladinet has allegedly already notified its customers of the error and is actively engaged in helping them minimize the risk, so that companies that read their supplier correspondence should be fine. If you haven’t read your E emails yet, you can also check the Huntress blog for details on how to stay secure. We do not know how many companies could be at risk, but according to the Gladinet website it is at least 1,000.
Via Registered
Follow Techradar on Google News and Add us as a preferred source To get our expert news, reviews and meaning in your feeds. Be sure to click the Follow button!
And of course you can too Follow Techradar at Tiktok For news, reviews, unboxings in video form and get regular updates from us at WhatsApp also.
