CISA Issues Alert on Gladinet CentreStack and Triofox Vulnerabilities Under Active Exploitation

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Gladinet CentreStack and Triofox to its Known Exploited Vulnerabilities catalog, signaling active exploitation in the wild.

The flaw, tracked as CVE-2025-11371, exposes sensitive system files to unauthorized external parties, posing a significant risk to organizations relying on these cloud file-sharing platforms.

Overview of the Vulnerability

CVE-2025-11371 represents a file or directory accessible to external parties, categorized under CWE-552.

This weakness allows attackers to access sensitive files and directories that should remain protected, leading to unintended disclosure of system information.

The vulnerability stems from inadequate access controls within the Gladinet platforms, potentially exposing confidential data stored on affected systems.

CWE-552 weaknesses are particularly dangerous in cloud environments and storage solutions, where misconfigured permissions can grant unauthorized users direct access to sensitive information.

In the case of CentreStack and Triofox, which are designed for collaborative file sharing and remote ...