S4E

CVE-2025-11371 Scanner

CVE-2025-11371 Scanner - Local File Inclusion vulnerability in Gladinet CentreStack & TrioFox

Short Info

  • Level: Medium
  • Single Scan: Single Scan
  • Can be used by: Asset Owner
  • Estimated Time: 10 seconds
  • Time Interval: 3 weeks 19 hours
  • Scan only one: Domain, Subdomain, IPv4


Gladinet CentreStack and TrioFox are widely used in enterprise environments for secure file sharing and collaboration. These products help businesses manage, share, and protect data stored on-premises or in cloud storage. They are typically used by organizations looking to optimize their file sharing capabilities while maintaining strict control over data. Their user-friendly interfaces make them popular among IT administrators for integrating existing storage infrastructure. The software supports seamless integration with cloud services, making it a versatile solution for file management. Companies of varying sizes use these products for their robust management and control capabilities over file access and sharing.

A Local File Inclusion (LFI) vulnerability allows unauthorized users to include files on a server through the web browser. This flaw can lead to significant security risks, as it may disclose sensitive files or allow remote code execution in some cases. In Gladinet CentreStack and TrioFox, this vulnerability allows access to internal application files, potentially leaking confidential data. The detected LFI flaw affects versions prior to 16.7.10368.56560. Exploitation occurs when user-supplied input is not validated, leading to local file paths being disclosed. Attackers can exploit this by crafting specific URL requests to gain unauthorized access to system files.

The technical details of this vulnerability show that an attacker can exploit it through a crafted URL. If the parameter in the URL is not correctly sanitized, it may lead to unintended file disclosure. Specifically, attackers can access 'Web.config' file paths to view sensitive data by using directory traversal sequences. The vulnerable endpoint is reached with a GET request, where unsanitized parameters interact with the file system. Matchers looking for specific configuration and web access keys help confirm the vulnerability's presence. The HTTP interaction shows that the server can return internal configuration files, which confirms the exploitation.
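A defender can hunt for the request pattern described above in IIS W3C access logs. The following is an added example, not code from S4E or Gladinet: it flags GET requests whose query parameter, after repeated percent-decoding, contains a directory traversal segment and references Web.config. The endpoint path, parameter name and log lines are constructed, because the page does not name the vulnerable endpoint.

```python
import re
from urllib.parse import parse_qsl, unquote

# A ".." path segment delimited by either slash style or by the string edges.
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
TARGET = re.compile(r"web\.config", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(log_text):
    """Return (client_ip, status, parameter) for GETs that traverse to Web.config."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names come from the log header
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-method") != "GET":
            continue
        # parse_qsl decodes once; fully_decode handles any further encoding layers.
        for name, value in parse_qsl(row.get("cs-uri-query", ""), keep_blank_values=True):
            value = fully_decode(value)
            if TRAVERSAL.search(value) and TARGET.search(value):
                hits.append((row.get("c-ip"), row.get("sc-status"), name))
    return hits

# Constructed sample log: hypothetical endpoint and parameter, documentation IPs.
SAMPLE_LOG = """#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-10-10 08:00:01 GET /example/handler.ashx file=..%5C..%5CWeb.config 203.0.113.7 200
2025-10-10 08:00:02 GET /example/handler.ashx file=%252e%252e%252fWeb.config 203.0.113.7 404
2025-10-10 08:00:03 GET /example/handler.ashx file=reports/q3.pdf 198.51.100.20 200
2025-10-10 08:00:04 GET /example/docs.aspx topic=web.config 198.51.100.20 200
"""

if __name__ == "__main__":
    for client, status, param in flag_requests(SAMPLE_LOG):
        print(f"{client} status={status} parameter={param}")
```

A flagged request that returned status 200 deserves priority, since the server may have served the file; on a host running a version prior to 16.7.10368.56560, treat the secrets in that configuration file as exposed.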

Exploiting the Local File Inclusion vulnerability could lead to severe impacts on organizations using Gladinet CentreStack and TrioFox. Information leakage, including access to application configurations and potentially sensitive data, is a significant concern. Unauthorized access to critical configuration files can aid attackers in further compromising the system. A successful attack may result in data breaches, privacy violations, and financial losses. Moreover, it can serve as a precursor to remote code execution. Organizations may face reputational damage and legal repercussions if protective measures are not implemented in a timely manner.

REFERENCES

  • https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw
  • https://github.com/Kazgangap/cve-poc-garage/blob/main/2025/CVE-2025-11371.md
  • https://thehackernews.com/2025/10/from-lfi-to-rce-active-exploitation.html
  • https://nvd.nist.gov/vuln/detail/CVE-2025-11371