Active Exploitation Detected in Gladinet and TrioFox Vulnerability

Active Exploitation Detected in Gladinet and TrioFox Vulnerability

Posted on By CWS

Oct 10, 2025Ravie LakshmananVulnerability / Zero-Day

Cybersecurity firm Huntress stated it has noticed lively in-the-wild exploitation of an unpatched safety flaw impacting Gladinet CentreStack and TrioFox merchandise.
The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS rating: 6.1), is an unauthenticated native file inclusion bug that permits unintended disclosure of system recordsdata. It impacts all variations of the software program previous to and together with 16.7.10368.56560.
Huntress stated it first detected the exercise on September 27, 2025, uncovering that three of its clients have been impacted to date.
It is price noting that each functions had been beforehand affected by CVE-2025-30406 (CVSS rating: 9.0), a case of hard-coded machine key that would enable a risk actor to carry out distant code execution by way of a ViewState deserialization vulnerability. The vulnerability has since come beneath lively exploitation.

CVE-2025-11371, per Huntress, “allowed a risk actor to retrieve the machine key from the appliance Net.config file to carry out distant code execution by way of the aforementioned ViewState deserialization vulnerability. Further particulars of the flaw are being withheld in mild of lively exploration and within the absence of a patch.
In a single occasion investigated by the corporate, the affected model was newer than 16.4.10315.56368 and never susceptible to CVE-2025-30406, suggesting that attackers may exploit earlier variations and use the hard-coded machine key to execute code remotely by way of the ViewState deserialization flaw.

Within the interim, customers are advisable to disable the “temp” handler inside the Net.config file for UploadDownloadProxy situated at “C:Program Information (x86)Gladinet Cloud EnterpriseUploadDownloadProxyWeb.config.”
“It will influence some performance of the platform; nevertheless, it would be sure that this vulnerability can’t be exploited till it’s patched,” Huntress researchers Bryan Masters, James Maclachlan, Jai Minton, and John Hammond stated.

The Hacker News Tags:, , , , ,

Related Posts

Why CTEM is the Winning Bet for CISOs in 2025 Why CTEM is the Winning Bet for CISOs in 2025 The Hacker News
U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme The Hacker News
Critical Security Flaw Patched in BeyondTrust Products Critical Security Flaw Patched in BeyondTrust Products The Hacker News
New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards The Hacker News
Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild The Hacker News
Claude Opus 4.6 Uncovers 500+ Severe Flaws in Open-Source Software Claude Opus 4.6 Uncovers 500+ Severe Flaws in Open-Source Software The Hacker News