File-sharing platforms are indispensable for modern organizations, but they also present lucrative targets for cybercriminals. A recent zero-day vulnerability uncovered in CentreStack and Triofox, two prominent file-sharing tools by Gladinet, has prompted urgent warnings from security experts. The flaw is already being actively exploited, underscoring the need for immediate defensive measures.
Understanding the Latest Vulnerability
Tracked as CVE-2025-11371, this is a local file inclusion vulnerability that, while rated at 6.2 (moderate), poses significant real-world risk. Attackers began exploiting the flaw as early as September 27, 2025, even targeting organizations that had already addressed a previous critical bug in the same suite. The rapid shift in attack methods has left many users exposed.
- This is the second major vulnerability in Gladinet products this year.
- The flaw allows attackers to access key configuration files, such as web.config, increasing the potential for further compromise.
- With access to machine keys, attackers can combine this exploit with CVE-2025-30406 to achieve remote code execution (RCE), taking full control of affected systems.
- Confirmed breaches include at least three CentreStack customers, with more likely as attacks continue.
Who Is Most Vulnerable?
CentreStack and Triofox are widely adopted by managed service providers (MSPs) and enterprise clients seeking secure, VPN-free remote file access. Their customer base spans industries that handle sensitive information, including the healthcare, engineering, and legal sectors, which heightens the stakes of any breach. For MSPs, the risk is multiplied, as a single compromise can cascade across multiple client environments.
Cybercriminals, particularly ransomware and extortion groups, are drawn to these high-value targets. The prospect of accessing sensitive business and client data makes these platforms especially attractive for financially motivated attacks.
Mitigation in the Absence of a Patch
Unlike many incidents where a patch is quickly available, there is currently no official fix for CVE-2025-11371. Gladinet has collaborated with affected customers to implement a temporary workaround, with instructions distributed via Huntress’s blog and direct vendor communications. All users are strongly urged to apply these mitigations without delay.
- No timeline has been set for a permanent patch release.
- Organizations should closely monitor systems for unusual activity and audit access logs frequently.
- Maintaining communication with Gladinet and security advisories is essential for staying informed about new developments.
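As an added example (not code from the article, Gladinet, or Huntress), the following Python scans IIS W3C log lines for the kind of request the article describes: path traversal aimed at web.config. The log lines and request paths are constructed placeholders, not the real CentreStack/Triofox endpoint, and the indicators are a generic heuristic rather than the vendor's detection guidance.

```python
import re
from urllib.parse import unquote

# Constructed IIS W3C log sample (not from a real incident). The handler path
# is a placeholder, not the actual vulnerable endpoint.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-09-27 10:01:02 10.0.0.5 GET /portal/index.aspx - 203.0.113.7 200
2025-09-27 10:01:09 10.0.0.5 GET /placeholder/handler.ashx file=..%2F..%2Fweb.config 203.0.113.7 200
2025-09-27 10:02:15 10.0.0.5 GET /placeholder/handler.ashx file=%2e%2e%5c%2e%2e%5cweb.config 203.0.113.7 200
2025-09-27 10:03:40 10.0.0.5 GET /portal/files.aspx id=42 198.51.100.3 200
"""

# Matches "../" or "..\" after decoding.
TRAVERSAL = re.compile(r"(\.\./|\.\.\\)")


def decode(s: str) -> str:
    # Decode twice so double-encoded sequences (%252e%252e%252f) are caught too.
    return unquote(unquote(s))


def suspicious(stem: str, query: str) -> list[str]:
    """Return the reasons a request looks like a local file inclusion attempt."""
    reasons = []
    decoded = decode(stem + "?" + query).lower()
    if TRAVERSAL.search(decoded):
        reasons.append("path traversal sequence")
    if "web.config" in decoded:
        reasons.append("references web.config")
    return reasons


def scan_iis_log(text: str) -> list[dict]:
    """Parse W3C-format lines and return one finding per suspicious request."""
    findings, fields = [], None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows that follow
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, line.split()))
        reasons = suspicious(row.get("cs-uri-stem", ""), row.get("cs-uri-query", ""))
        if reasons:
            findings.append({"time": f"{row['date']} {row['time']}", "client": row["c-ip"],
                             "status": row["sc-status"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan_iis_log(SAMPLE_LOG):
        print(finding)
```

A hit that returned status 200 means web.config may already have been read, so the machine keys it contains should be treated as exposed and rotated, since the article notes they are what enables the RCE chain.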
The Bigger Picture: File Sharing Software as a Cyber Target
This event aligns with a broader trend of attackers targeting file-sharing and remote access software. Such platforms enable the transfer of critical data, making them high-priority targets for theft, disruption, or ransomware.
Previous large-scale incidents, like those involving GoAnywhere and MOVEit, demonstrate the far-reaching consequences of these attacks, which can affect thousands of organizations through supply chain vulnerabilities.
The Gladinet vulnerabilities illustrate how a single flaw in software used by MSPs and enterprises can threaten entire service ecosystems, amplifying the risk and potential damage.
Takeaway: Stay Proactive and Prepared
The unfolding CentreStack and Triofox zero-day situation is a vivid reminder that cybersecurity is a continuous battle. Organizations relying on these tools must urgently apply all recommended mitigations and stay alert for future updates. With attackers moving quickly to exploit every opportunity, only a proactive and vigilant approach will ensure the security of sensitive data and business operations.
Urgent Zero-Day Vulnerability Puts File Sharing Platforms at Risk