Detections
Analytics

Gladinet CentreStack/Triofox < 16.10.10408.56683 Local File Inclusion

high Web App Scanning Plugin ID 115030

Language:

Synopsis

Gladinet CentreStack/Triofox < 16.10.10408.56683 Local File Inclusion

Description

Gladinet CentreStack/Triofox versions prior to 16.10.10408.56683 are vulnerable to a Local File Inclusion (LFI) vulnerability. An unauthenticated attacker could exploit this issue to read arbitrary files on the affected system, potentially leading to information disclosure.

The vulnerability exists due to insufficient validation of user-supplied input in the file inclusion functionality. An attacker could manipulate the input to include files from the local file system, such as configuration files or sensitive data.

Successful exploitation of this vulnerability could allow an attacker to gain access to sensitive information, which could be used for further attacks against the system or network.

Solution

Upgrade to Gladinet CentreStack/Triofox version 16.10.10408.56683 or later.

See Also

https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw

Plugin Details

Severity: High

ID: 115030

Type: remote

Published: 11/10/2025

Updated: 11/10/2025

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5.2

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:P

CVSS Score Source: CVE-2025-11371

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS Score Source: CVE-2025-11371

Vulnerability Information

CPE: cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/21/2021

Vulnerability Publication Date: 10/8/2025

CISA Known Exploited Vulnerability Due Dates: 11/25/2025

Reference Information

CVE: CVE-2025-11371