Active Exploitation Detected in Gladinet and TrioFox Vulnerability

Active Exploitation Detected in Gladinet and TrioFox Vulnerability

Posted on By CWS

Oct 10, 2025Ravie LakshmananVulnerability / Zero-Day

Cybersecurity firm Huntress stated it has noticed lively in-the-wild exploitation of an unpatched safety flaw impacting Gladinet CentreStack and TrioFox merchandise.
The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS rating: 6.1), is an unauthenticated native file inclusion bug that permits unintended disclosure of system recordsdata. It impacts all variations of the software program previous to and together with 16.7.10368.56560.
Huntress stated it first detected the exercise on September 27, 2025, uncovering that three of its clients have been impacted to date.
It is price noting that each functions had been beforehand affected by CVE-2025-30406 (CVSS rating: 9.0), a case of hard-coded machine key that would enable a risk actor to carry out distant code execution by way of a ViewState deserialization vulnerability. The vulnerability has since come beneath lively exploitation.

CVE-2025-11371, per Huntress, “allowed a risk actor to retrieve the machine key from the appliance Net.config file to carry out distant code execution by way of the aforementioned ViewState deserialization vulnerability. Further particulars of the flaw are being withheld in mild of lively exploration and within the absence of a patch.
In a single occasion investigated by the corporate, the affected model was newer than 16.4.10315.56368 and never susceptible to CVE-2025-30406, suggesting that attackers may exploit earlier variations and use the hard-coded machine key to execute code remotely by way of the ViewState deserialization flaw.

Within the interim, customers are advisable to disable the “temp” handler inside the Net.config file for UploadDownloadProxy situated at “C:Program Information (x86)Gladinet Cloud EnterpriseUploadDownloadProxyWeb.config.”
“It will influence some performance of the platform; nevertheless, it would be sure that this vulnerability can’t be exploited till it’s patched,” Huntress researchers Bryan Masters, James Maclachlan, Jai Minton, and John Hammond stated.

The Hacker News Tags:, , , , ,

Related Posts

LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents The Hacker News
Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies The Hacker News
Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network The Hacker News
New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status The Hacker News
CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024 CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024 The Hacker News
U.S. Sanctions Garantex and Grinex Over 0M in Ransomware-Linked Illicit Crypto Transactions U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions The Hacker News