Zero-Day Drama: CentreStack and Triofox Vulnerability Exposes System Files!
Threat actors are having a field day with CVE-2025-11371, a zero-day vulnerability in Gladinet’s CentreStack and Triofox products. This flaw lets local attackers access system files like they’re flipping through a magazine, no authentication required. No patch yet, but mitigations are available to thwart these digital mischief-makers.
Hot Take:
Well, it looks like cybercriminals have found themselves a new playground in Gladinet CentreStack and Triofox – a zero-day vulnerability that’s as elusive as a greased pig at a county fair. While the security patch is still MIA, attackers are having a field day exploiting this vulnerability like it’s Black Friday at a hacker’s convention. For now, users are left with the cybersecurity equivalent of duct tape and prayers to fend off these digital miscreants!
Key Points:
- Threat actors are exploiting a zero-day vulnerability (CVE-2025-11371) in Gladinet CentreStack and Triofox products.
- The flaw allows local attackers to access system files without authentication.
- At least three companies have been targeted, with all versions of the software affected.
- An older deserialization vulnerability (CVE-2025-30406) is being used in conjunction with the new exploit.
- Mitigations are available, but they may impact some functionality until a patch is developed.