
Gladinet CentreStack and Triofox Zero-Day Vulnerability (CVE-2025-11371) Exploited

Critical Gladinet Vulnerability (CVE-2025-11371) Actively Exploited: How to Protect Your Data

A critical zero-day vulnerability has been discovered in Gladinet’s CentreStack and Triofox file-sharing platforms, and security researchers confirm it is being actively exploited in the wild. This security flaw, tracked as CVE-2025-11371, poses a significant threat to organizations that rely on these tools for secure file synchronization and sharing, potentially exposing sensitive corporate data to unauthorized access.

If your organization uses CentreStack or Triofox, immediate action is required to prevent a potential breach.

Understanding the Threat: What is CVE-2025-11371?

This vulnerability impacts the core functionality of Gladinet’s software, which is often self-hosted by businesses to create a private, secure cloud-like environment. The flaw allows an unauthenticated attacker to gain unauthorized access and potentially execute malicious code on the server.

The most alarming aspect of this situation is its status as a zero-day vulnerability. This means that attackers were already exploiting the flaw before a security patch was developed and made available by the vendor. This gives threat actors a crucial head start, making it imperative for administrators to act swiftly.

The consequences of a successful exploit are severe and can include:

  • Complete data exfiltration of all files stored on the platform.
  • Deployment of ransomware, encrypting critical business data.
  • Gaining a persistent foothold within the corporate network for further attacks.
  • Modification or deletion of sensitive information.

Because these platforms are designed to centralize and manage critical business files, they are a high-value target for cybercriminals.

Immediate Steps to Mitigate Risk

Patching is the first and most critical step, but it is not the only one. Since this vulnerability was exploited before a fix was available, you must also investigate your systems for signs of an existing compromise.

Follow these essential security measures immediately:

1. Update Your Systems Immediately
Gladinet has released a patch to address this vulnerability. Applying the latest security update is the most important step you can take to protect your environment from future attacks. You must upgrade your CentreStack or Triofox instance to the latest available version. Check the official Gladinet portal for the correct patched version for your product.

2. Investigate for Signs of Compromise
Patching closes the door to new attacks, but it does not remove an attacker who is already inside. You must thoroughly inspect your systems for indicators of compromise (IOCs). Look for:

  • Unusual or newly created user accounts with high privileges.
  • Suspicious processes running on the server.
  • Unexpected outbound network traffic to unfamiliar IP addresses.
  • Signs of large data transfers or file archives (.zip, .rar) in unusual locations.

3. Review Access Logs
Carefully analyze system and application logs for any anomalous activity. Pay close attention to authentication logs, looking for repeated failed login attempts followed by a success from an unknown IP address. Also, review file access logs to identify any unusual access patterns or downloads of sensitive data that occurred before you applied the patch.

4. Enhance Network Security
As a best practice, ensure that your CentreStack or Triofox server is not unnecessarily exposed to the public internet. Implement network segmentation and strict firewall rules to limit access only to trusted IP addresses and necessary ports. This principle of “least privilege” can significantly reduce the attack surface for this and future vulnerabilities.

5. Maintain Secure Backups
Ensure you have recent, offline, and immutable backups of your critical data. In a worst-case scenario where your system is compromised by ransomware, a reliable backup is your most effective tool for recovery. Regularly test your backup and restoration procedures to ensure they work as expected.
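
As an added example for step 3 (not from the original article or from Gladinet), this Python code flags a successful login that follows repeated failed attempts from an IP address outside your trusted ranges. The log line format, the sample lines, and TRUSTED_NETS are constructed assumptions, and the input is assumed to be in time order; adapt the parsing to the authentication logs your server actually produces.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample lines in an assumed format: "<ISO time> <source IP> <user> <LOGIN_OK|LOGIN_FAIL>"
SAMPLE_LOG = """\
2025-10-09T02:11:05 203.0.113.50 admin LOGIN_FAIL
2025-10-09T02:11:09 203.0.113.50 admin LOGIN_FAIL
2025-10-09T02:11:14 203.0.113.50 admin LOGIN_FAIL
2025-10-09T02:11:20 203.0.113.50 admin LOGIN_OK
2025-10-09T08:30:00 10.0.4.17 jsmith LOGIN_FAIL
2025-10-09T08:30:12 10.0.4.17 jsmith LOGIN_OK
2025-10-09T09:00:00 198.51.100.7 backup LOGIN_FAIL
2025-10-09T11:45:00 198.51.100.7 backup LOGIN_OK
garbled line that does not parse
"""

TRUSTED_NETS = [ip_network("10.0.0.0/8")]  # assumption: your known office/VPN ranges

def find_suspicious_logins(log_text, min_failures=3, window=timedelta(minutes=10)):
    """Return successes preceded by >= min_failures failures from one untrusted IP within window."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("LOGIN_OK", "LOGIN_FAIL"):
            continue  # skip lines that do not match the assumed format
        try:
            ts, ip = datetime.fromisoformat(parts[0]), ip_address(parts[1])
        except ValueError:
            continue  # unparseable timestamp or address
        user, event = parts[2], parts[3]
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if event == "LOGIN_FAIL":
            recent.append(ts)
            continue
        if len(recent) >= min_failures and not any(ip in net for net in TRUSTED_NETS):
            findings.append({"time": ts.isoformat(), "ip": str(ip),
                             "user": user, "failures": len(recent)})
        recent.clear()  # a success ends the current failure streak
    return findings

if __name__ == "__main__":
    for hit in find_suspicious_logins(SAMPLE_LOG):
        print(hit)
```

Run it over log entries dated before you applied the patch, and treat each hit as a lead to correlate with the file access logs rather than as proof of compromise.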

The active exploitation of CVE-2025-11371 is a stark reminder of the persistent threats facing internet-facing applications. Proactive security, rapid patch management, and diligent threat hunting are essential to safeguarding your organization’s digital assets. Do not delay—take action now to secure your Gladinet environment.

Source: https://securityaffairs.com/183259/hacking/cve-2025-11371-unpatched-zero-day-in-gladinet-centrestack-triofox-under-attack.html
