
CISA Announces Addition of Gladinet and CWP Vulnerabilities to Known Exploited Vulnerabilities Catalog.

  • Nov 5, 2025

Background


  • Gladinet CentreStack and Triofox are enterprise file-sharing and cloud storage solutions designed for businesses.

  • CentreStack provides a secure platform for file sharing, syncing, and collaboration, integrating on-premises storage with cloud access.

  • Triofox offers a hybrid cloud solution that enables secure remote access to existing Windows file shares and SMB/NFS storage.


CVE-2025-11371 - Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability


  • CVSS score: 7.5

  • Threat actors are actively exploiting this zero-day vulnerability to access system files without authentication.

  • Gladinet and Huntress have advised customers of a workaround: disabling the temp handler in UploadDownloadProxy's Web.config, though this will affect some platform functionality.


CVE-2025-48703 - CWP Control Web Panel OS Command Injection Vulnerability


  • CVSS score: 9.0

  • This vulnerability allows a remote attacker who knows a valid username on a CWP instance to execute arbitrary commands on the server without authenticating.

  • The flaw was patched in version 0.9.8.1205 following responsible disclosure on May 13, 2025.


CISA Action


  • CISA has added these two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

  • Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by November 25, 2025, to secure their networks.

  • Private organizations are also advised to review the catalog and address the vulnerabilities in their infrastructure.


Sources


  • https://thehackernews.com/2025/11/cisa-adds-gladinet-and-cwp-flaws-to-kev.html

  • https://securityaffairs.com/184226/security/u-s-cisa-adds-gladinet-centrestack-and-cwp-control-web-panel-flaws-to-its-known-exploited-vulnerabilities-catalog.html

  • https://securityonline.info/cisa-kev-alert-two-critical-flaws-under-active-exploitation-including-gladinet-lfi-rce-and-cwp-admin-takeover/
