
Gladinet Patches Exploited CentreStack Vulnerability


The unauthenticated local file inclusion bug allows attackers to retrieve the machine key and execute code remotely via a ViewState deserialization issue.

Gladinet this week released patches for a CentreStack vulnerability that has been exploited in the wild since at least late September.

Tracked as CVE-2025-11371, the issue is described as an unauthenticated file inclusion bug that allows attackers to retrieve system files.

Impacting the default configurations of Gladinet’s CentreStack and Triofox products, the security defect was exploited in the wild as a zero-day to retrieve a ‘machineKey’ cryptographic key from a configuration file and execute arbitrary code remotely.

To achieve remote code execution, however, the attackers exploited a ViewState deserialization vulnerability, cybersecurity firm Huntress explains.

The ViewState deserialization issue was previously abused in attacks exploiting CVE-2025-30406, a critical-severity CentreStack and Triofox flaw rooted in the presence of hardcoded keys in the applications’ configuration files.

Armed with a hardcoded ...
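A defender-side check for the condition described above, added here as an illustration and not taken from the article, Gladinet or Huntress: it inspects ASP.NET `web.config` text for a static `machineKey` and reports when the same key appears on more than one host. The sample configs, key values and host names are constructed, and the standard `<machineKey validationKey=… decryptionKey=…>` layout is assumed.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample configs; the key values are made up for this example.
STATIC_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="FEDCBA9876543210FEDCBA9876543210"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>"""

AUTO_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps" />
  </system.web>
</configuration>"""

KEY_ATTRS = ("validationKey", "decryptionKey")

def static_keys(config_xml):
    """Map attribute name -> short SHA-256 fingerprint of each static key.

    Only a fingerprint is returned so the key material never reaches a report.
    """
    found = {}
    for elem in ET.fromstring(config_xml).iter("machineKey"):
        for attr in KEY_ATTRS:
            value = elem.get(attr, "AutoGenerate")  # ASP.NET default when absent
            if not value.lower().startswith("autogenerate"):
                found[attr] = hashlib.sha256(value.upper().encode()).hexdigest()[:16]
    return found

def shared_keys(configs):
    """Given {host: web.config text}, return keys present on more than one host."""
    by_fp = defaultdict(set)
    for host, xml_text in configs.items():
        for attr, fp in static_keys(xml_text).items():
            by_fp[(attr, fp)].add(host)
    return {k: sorted(hosts) for k, hosts in by_fp.items() if len(hosts) > 1}

if __name__ == "__main__":
    fleet = {"host-a": STATIC_CONFIG, "host-b": STATIC_CONFIG, "host-c": AUTO_CONFIG}
    for (attr, fp), hosts in shared_keys(fleet).items():
        print(f"{attr} fingerprint {fp} shared by {hosts}")
```

A static key that an attacker has read from the file stays valid until it is rotated, so a finding here is a prompt to regenerate the key as well as to patch.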


Copyright of this story solely belongs to securityweek.