The Cybersecurity and Infrastructure Security Agency (CISA) has identified a significant vulnerability in the Gladinet CentreStack and Triofox platforms, assigned CVE-2025-11371. This flaw allows unauthorized external access to sensitive system files and directories, potentially compromising organizations that use these file-sharing solutions for their operations. Active exploitation attempts have been confirmed, necessitating swift intervention from federal agencies.
CVE-2025-11371 stems from improper access controls classified under CWE-552. Attackers can exploit exposed directories to glean sensitive system configurations and user credentials, paving the way for multi-stage attacks. While not directly linked to ransomware, experts warn that the data gathered could facilitate devastating attacks in the future. CISA recommends immediate patch application and other protective measures for affected organizations before the November 25, 2025, remediation deadline.
👉 Read the original: Cyber Security News