Search criteria
8 vulnerabilities found for triofox by gladinet
CVE-2025-14611 (GCVE-0-2025-14611)
Vulnerability from nvd – Published: 2025-12-12 21:01 – Updated: 2025-12-16 04:55
VLAI?
Title
Gladinet CentreStack and TrioFox Hard Coded AES Keys
Summary
Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise.
Severity ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gladinet | CentreStack and TrioFox |
Affected:
0 , < 16.12.10420.56791
(custom)
|
Credits
Bryan Masters
John Hammond
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14611",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-12-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14611"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T04:55:55.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14611"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-15T00:00:00+00:00",
"value": "CVE-2025-14611 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CentreStack and TrioFox",
"vendor": "Gladinet",
"versions": [
{
"lessThan": "16.12.10420.56791",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bryan Masters"
},
{
"lang": "en",
"type": "finder",
"value": "John Hammond"
}
],
"datePublic": "2025-12-12T20:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise."
}
],
"value": "Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "ATTACKED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:A",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T21:01:13.116Z",
"orgId": "5dacb0b8-2277-4717-899c-254586fe4912",
"shortName": "Huntress"
},
"references": [
{
"url": "https://www.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Gladinet CentreStack and TrioFox Hard Coded AES Keys",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5dacb0b8-2277-4717-899c-254586fe4912",
"assignerShortName": "Huntress",
"cveId": "CVE-2025-14611",
"datePublished": "2025-12-12T21:01:13.116Z",
"dateReserved": "2025-12-12T20:22:27.367Z",
"dateUpdated": "2025-12-16T04:55:55.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12480 (GCVE-0-2025-12480)
Vulnerability from nvd – Published: 2025-11-10 14:20 – Updated: 2025-11-12 17:20
VLAI?
Summary
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
Severity ?
9.1 (Critical)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
Stallone D’Souza, Mandiant
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12480",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-11T04:55:39.630430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-11-12",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T17:20:24.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-12T00:00:00+00:00",
"value": "CVE-2025-12480 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TrioFox",
"vendor": "TrioFox",
"versions": [
{
"lessThan": "16.7.10368.56560",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stallone D\u2019Souza, Mandiant"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete."
}
],
"value": "Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T15:28:21.167Z",
"orgId": "027e81ed-0dd4-4685-ab4d-884aec5bb484",
"shortName": "Mandiant"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md"
},
{
"tags": [
"product"
],
"url": "https://www.triofox.com/"
},
{
"tags": [
"release-notes"
],
"url": "https://access.triofox.com/releases_history/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "027e81ed-0dd4-4685-ab4d-884aec5bb484",
"assignerShortName": "Mandiant",
"cveId": "CVE-2025-12480",
"datePublished": "2025-11-10T14:20:40.677Z",
"dateReserved": "2025-10-29T16:41:20.748Z",
"dateUpdated": "2025-11-12T17:20:24.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11371 (GCVE-0-2025-11371)
Vulnerability from nvd – Published: 2025-10-09 16:50 – Updated: 2025-11-04 23:20
VLAI?
Title
Gladinet CentreStack and TrioFox Local File Inclusion Flaw
Summary
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.
This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
Severity ?
7.5 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gladinet | CentreStack and TrioFox |
Affected:
0 , ≤ 16.7.10368.56560
(custom)
|
Credits
Bryan Masters
James Maclachlan
Jai Minton
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-11371",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T04:55:24.660911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-11-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T23:20:24.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371"
},
{
"tags": [
"mitigation"
],
"url": "https://www.centrestack.com/p/gce_latest_release.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-04T00:00:00+00:00",
"value": "CVE-2025-11371 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "CentreStack and TrioFox",
"vendor": "Gladinet",
"versions": [
{
"lessThanOrEqual": "16.7.10368.56560",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bryan Masters"
},
{
"lang": "en",
"type": "finder",
"value": "James Maclachlan"
},
{
"lang": "en",
"type": "finder",
"value": "Jai Minton"
}
],
"datePublic": "2025-10-09T13:51:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThis issue impacts Gladinet CentreStack and Triofox: All versions prior to and including\u0026nbsp;16.7.10368.56560"
}
],
"value": "In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.\u00a0\n\nThis issue impacts Gladinet CentreStack and Triofox: All versions prior to and including\u00a016.7.10368.56560"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T16:50:49.117Z",
"orgId": "5dacb0b8-2277-4717-899c-254586fe4912",
"shortName": "Huntress"
},
"references": [
{
"url": "https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Gladinet CentreStack and TrioFox Local File Inclusion Flaw",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If you currently utilize either CentreStack or TrioFox, please check your inbox for communication from Gladinet regarding a temporary mitigation while a patch is being developed.\u0026nbsp;"
}
],
"value": "If you currently utilize either CentreStack or TrioFox, please check your inbox for communication from Gladinet regarding a temporary mitigation while a patch is being developed."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5dacb0b8-2277-4717-899c-254586fe4912",
"assignerShortName": "Huntress",
"cveId": "CVE-2025-11371",
"datePublished": "2025-10-09T16:50:49.117Z",
"dateReserved": "2025-10-06T14:00:55.234Z",
"dateUpdated": "2025-11-04T23:20:24.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14611 (GCVE-0-2025-14611)
Vulnerability from cvelistv5 – Published: 2025-12-12 21:01 – Updated: 2025-12-16 04:55
VLAI?
Title
Gladinet CentreStack and TrioFox Hard Coded AES Keys
Summary
Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise.
Severity ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gladinet | CentreStack and TrioFox |
Affected:
0 , < 16.12.10420.56791
(custom)
|
Credits
Bryan Masters
John Hammond
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14611",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-12-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14611"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T04:55:55.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14611"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-15T00:00:00+00:00",
"value": "CVE-2025-14611 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CentreStack and TrioFox",
"vendor": "Gladinet",
"versions": [
{
"lessThan": "16.12.10420.56791",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bryan Masters"
},
{
"lang": "en",
"type": "finder",
"value": "John Hammond"
}
],
"datePublic": "2025-12-12T20:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise."
}
],
"value": "Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "ATTACKED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:A",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T21:01:13.116Z",
"orgId": "5dacb0b8-2277-4717-899c-254586fe4912",
"shortName": "Huntress"
},
"references": [
{
"url": "https://www.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Gladinet CentreStack and TrioFox Hard Coded AES Keys",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5dacb0b8-2277-4717-899c-254586fe4912",
"assignerShortName": "Huntress",
"cveId": "CVE-2025-14611",
"datePublished": "2025-12-12T21:01:13.116Z",
"dateReserved": "2025-12-12T20:22:27.367Z",
"dateUpdated": "2025-12-16T04:55:55.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12480 (GCVE-0-2025-12480)
Vulnerability from cvelistv5 – Published: 2025-11-10 14:20 – Updated: 2025-11-12 17:20
VLAI?
Summary
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
Severity ?
9.1 (Critical)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
Stallone D’Souza, Mandiant
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12480",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-11T04:55:39.630430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-11-12",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T17:20:24.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-12T00:00:00+00:00",
"value": "CVE-2025-12480 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TrioFox",
"vendor": "TrioFox",
"versions": [
{
"lessThan": "16.7.10368.56560",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stallone D\u2019Souza, Mandiant"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete."
}
],
"value": "Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T15:28:21.167Z",
"orgId": "027e81ed-0dd4-4685-ab4d-884aec5bb484",
"shortName": "Mandiant"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md"
},
{
"tags": [
"product"
],
"url": "https://www.triofox.com/"
},
{
"tags": [
"release-notes"
],
"url": "https://access.triofox.com/releases_history/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "027e81ed-0dd4-4685-ab4d-884aec5bb484",
"assignerShortName": "Mandiant",
"cveId": "CVE-2025-12480",
"datePublished": "2025-11-10T14:20:40.677Z",
"dateReserved": "2025-10-29T16:41:20.748Z",
"dateUpdated": "2025-11-12T17:20:24.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11371 (GCVE-0-2025-11371)
Vulnerability from cvelistv5 – Published: 2025-10-09 16:50 – Updated: 2025-11-04 23:20
VLAI?
Title
Gladinet CentreStack and TrioFox Local File Inclusion Flaw
Summary
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.
This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
Severity ?
7.5 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gladinet | CentreStack and TrioFox |
Affected:
0 , ≤ 16.7.10368.56560
(custom)
|
Credits
Bryan Masters
James Maclachlan
Jai Minton
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-11371",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T04:55:24.660911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-11-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T23:20:24.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371"
},
{
"tags": [
"mitigation"
],
"url": "https://www.centrestack.com/p/gce_latest_release.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-04T00:00:00+00:00",
"value": "CVE-2025-11371 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "CentreStack and TrioFox",
"vendor": "Gladinet",
"versions": [
{
"lessThanOrEqual": "16.7.10368.56560",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bryan Masters"
},
{
"lang": "en",
"type": "finder",
"value": "James Maclachlan"
},
{
"lang": "en",
"type": "finder",
"value": "Jai Minton"
}
],
"datePublic": "2025-10-09T13:51:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThis issue impacts Gladinet CentreStack and Triofox: All versions prior to and including\u0026nbsp;16.7.10368.56560"
}
],
"value": "In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.\u00a0\n\nThis issue impacts Gladinet CentreStack and Triofox: All versions prior to and including\u00a016.7.10368.56560"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T16:50:49.117Z",
"orgId": "5dacb0b8-2277-4717-899c-254586fe4912",
"shortName": "Huntress"
},
"references": [
{
"url": "https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Gladinet CentreStack and TrioFox Local File Inclusion Flaw",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If you currently utilize either CentreStack or TrioFox, please check your inbox for communication from Gladinet regarding a temporary mitigation while a patch is being developed.\u0026nbsp;"
}
],
"value": "If you currently utilize either CentreStack or TrioFox, please check your inbox for communication from Gladinet regarding a temporary mitigation while a patch is being developed."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5dacb0b8-2277-4717-899c-254586fe4912",
"assignerShortName": "Huntress",
"cveId": "CVE-2025-11371",
"datePublished": "2025-10-09T16:50:49.117Z",
"dateReserved": "2025-10-06T14:00:55.234Z",
"dateUpdated": "2025-11-04T23:20:24.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
FKIE_CVE-2025-12480
Vulnerability from fkie_nvd - Published: 2025-11-10 15:15 - Updated: 2025-11-14 02:00
Severity ?
Summary
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
References
{
"cisaActionDue": "2025-12-03",
"cisaExploitAdd": "2025-11-12",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Gladinet Triofox Improper Access Control Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gladinet:triofox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D1B442-0354-472A-9A4C-1417AAE16936",
"versionEndExcluding": "16.7.10368.56560",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete."
}
],
"id": "CVE-2025-12480",
"lastModified": "2025-11-14T02:00:02.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "mandiant-cve@google.com",
"type": "Secondary"
}
]
},
"published": "2025-11-10T15:15:36.527",
"references": [
{
"source": "mandiant-cve@google.com",
"tags": [
"Release Notes"
],
"url": "https://access.triofox.com/releases_history/"
},
{
"source": "mandiant-cve@google.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480"
},
{
"source": "mandiant-cve@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md"
},
{
"source": "mandiant-cve@google.com",
"tags": [
"Product"
],
"url": "https://www.triofox.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480"
}
],
"sourceIdentifier": "mandiant-cve@google.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "mandiant-cve@google.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-11371
Vulnerability from fkie_nvd - Published: 2025-10-09 17:15 - Updated: 2025-11-05 14:32
Severity ?
Summary
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.
This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gladinet | centrestack | * | |
| gladinet | triofox | * |
{
"cisaActionDue": "2025-11-25",
"cisaExploitAdd": "2025-11-04",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E558139A-6A80-4BAA-8786-15E5AFCA9C37",
"versionEndExcluding": "16.10.10408.56683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gladinet:triofox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D9B616-FF33-4FF0-A97C-4C0B134E7B40",
"versionEndIncluding": "16.7.10368.56560",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.\u00a0\n\nThis issue impacts Gladinet CentreStack and Triofox: All versions prior to and including\u00a016.7.10368.56560"
}
],
"id": "CVE-2025-11371",
"lastModified": "2025-11-05T14:32:00.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-10-09T17:15:58.507",
"references": [
{
"source": "5dacb0b8-2277-4717-899c-254586fe4912",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Release Notes"
],
"url": "https://www.centrestack.com/p/gce_latest_release.html"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-11371"
}
],
"sourceIdentifier": "5dacb0b8-2277-4717-899c-254586fe4912",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}