CVE Vulnerabilities

CVE-2025-11371

Storage of File With Sensitive Data Under FTP Root

Published: Oct 09, 2025 | Modified: Oct 09, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. 

This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560

Weakness

The product stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.

Potential Mitigations

References