CISA Issues Alert on Gladinet CentreStack and Triofox Vulnerabilities Under Active Exploitation

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Gladinet CentreStack and Triofox to its Known Exploited Vulnerabilities catalog, signaling active exploitation in the wild.

The flaw, tracked as CVE-2025-11371, exposes sensitive system files to unauthorized external parties, posing a significant risk to organizations relying on these cloud file-sharing platforms.

Overview of the Vulnerability

CVE-2025-11371 is a "files or directories accessible to external parties" weakness, categorized under CWE-552.

This weakness allows attackers to access sensitive files and directories that should remain protected, leading to unintended disclosure of system information.

The vulnerability stems from inadequate access controls within the Gladinet platforms, potentially exposing confidential data stored on affected systems.

CWE-552 weaknesses are particularly dangerous in cloud environments and storage solutions, where misconfigured permissions can grant unauthorized users direct access to sensitive information.

In the case of CentreStack and Triofox, which are designed for collaborative file sharing and remote access, this vulnerability could allow external threat actors to retrieve files without proper authentication or authorization.

CISA added CVE-2025-11371 to its Known Exploited Vulnerabilities catalog on November 4, 2025, with a compliance deadline of November 25, 2025.

This timeline indicates that federal agencies and critical infrastructure organizations must address the vulnerability within three weeks, establishing a sense of urgency in the security community.

The fact that this vulnerability is already under active exploitation means threat actors have developed working techniques to bypass security controls and access files through affected Gladinet platforms.

Organizations should not treat this as a theoretical risk but rather as an immediate threat requiring urgent patching or remediation.

CISA provides three distinct mitigation pathways for affected organizations. First, administrators should apply all available patches and security updates provided by Gladinet, following the vendor’s instructions.

These updates are designed to close the unauthorized access pathway and restore proper access controls.

Second, federal agencies and organizations handling sensitive data should follow BOD 22-01 guidance specifically designed for cloud service security.

This directive emphasizes the importance of monitoring cloud infrastructure, enforcing multi-factor authentication, and implementing zero-trust security principles.

Third, if mitigations remain unavailable or prove insufficient, organizations should consider discontinuing use of the affected Gladinet CentreStack and Triofox products entirely.

While this represents a significant operational impact, it eliminates the risk of exploitation in critical environments.

Organizations using CentreStack or Triofox should immediately inventory all instances of these platforms within their infrastructure.

Security teams must check Gladinet’s official website and security advisories for available patches or workarounds addressing CVE-2025-11371.

Internal systems should be scanned for unauthorized file access or suspicious activity patterns that could indicate prior compromise.

The 21-day compliance deadline imposed by CISA reflects the severity and exploitability of this vulnerability.

Organizations that delay their response risk noncompliance with federal security requirements and exposure to active threat actors hunting for unpatched systems.
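The inventory step above can be tied to the KEV due date with a short triage script. This is an added example, not code from CISA or Gladinet: the catalog excerpt is constructed in the shape of CISA's KEV JSON feed using the dates given in this article, and the inventory hosts and the `patched` flag are hypothetical.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed; values come from the article.
KEV_EXCERPT = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2025-11371", "vendorProject": "Gladinet",
   "product": "CentreStack and Triofox",
   "dateAdded": "2025-11-04", "dueDate": "2025-11-25", "cwes": ["CWE-552"]}
]}
""")

# Constructed asset inventory (hostnames and the 'patched' flag are hypothetical).
INVENTORY = [
    {"host": "files01.example.internal", "software": "Gladinet CentreStack", "patched": False},
    {"host": "share02.example.internal", "software": "Triofox", "patched": True},
    {"host": "web03.example.internal", "software": "nginx", "patched": False},
]

def product_terms(entry):
    """Split a KEV product string such as 'CentreStack and Triofox' into match terms."""
    raw = entry["product"].replace(",", " and ")
    return [t.strip().lower() for t in raw.split(" and ") if t.strip()]

def triage(kev, inventory, today):
    """Return one finding per inventory host running a product named in a KEV entry."""
    findings = []
    for entry in kev["vulnerabilities"]:
        due = date.fromisoformat(entry["dueDate"])
        terms = product_terms(entry)
        for asset in inventory:
            name = asset["software"].lower()
            if not any(term in name for term in terms):
                continue  # software is not one of the listed products
            if asset["patched"]:
                status = "remediated"
            elif today > due:
                status = "overdue"
            else:
                status = "open"
            findings.append({"host": asset["host"], "cve": entry["cveID"],
                             "status": status, "days_left": (due - today).days})
    return findings

if __name__ == "__main__":
    for finding in triage(KEV_EXCERPT, INVENTORY, date(2025, 11, 10)):
        print(finding)
```

Substring matching on product names can over-match, so treat each finding as a prompt to confirm the installed product and version on that host.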
