A zero-day vulnerability, tracked as CVE-2025-11371, is being actively exploited in Gladinet CentreStack and Triofox products, allowing local users to access system files without authentication. Gladinet CentreStack and Triofox are enterprise file-sharing and cloud storage solutions designed for businesses.

CentreStack provides a secure platform for file sharing, syncing, and collaboration, integrating on-premises storage with cloud access. Triofox offers a hybrid cloud solution enabling secure remote access to existing Windows file shares and SMB/NFS storage.

Experts are aware of mitigations, but warn that the issue has yet to be patched. A report from Huntress indicates that at least three customers have been targeted so far. Gladinet recommends disabling the temp handler in UploadDownloadProxy’s Web.config to block exploitation of the vulnerability, although this may affect some platform functionality.