Close Menu
Cyber Updates

Critical Vulnerability Exposed: Immediate Action Required!

Staff WriterBy Updated:No Comments2 Mins Read0 Views

Fast Facts

  1. Zero-Day Vulnerability Identified: A serious unpatched security flaw (CVE-2025-11371) affecting Gladinet CentreStack and TrioFox products allows unauthorized access to system files, with a CVSS score of 6.1.

  2. Active Exploitation Detected: Huntress reported active exploitation since September 27, 2025, impacting at least three of its customers.

  3. Connection to Previous Vulnerability: This issue is linked to a prior critical vulnerability (CVE-2025-30406) that enabled remote code execution through a hard-coded machine key, with the risk of exploitation in earlier software versions.

  4. Mitigation Advice: Users are advised to disable the "temp" handler in the Web.config file, which may limit some platform functionalities but will prevent exploitation until a patch is available.

Unpatched Vulnerability Exposed

Cybersecurity firm Huntress has announced active exploitation of a zero-day vulnerability affecting Gladinet CentreStack and TrioFox software. This unpatched flaw, identified as CVE-2025-11371, allows unauthorized access to sensitive system files. Since its detection on September 27, 2025, three clients of Huntress experienced related security breaches.

The vulnerability possesses a CVSS score of 6.1, indicating a significant risk level. It impacts all software versions up to 16.7.10368.56560. Earlier, both applications suffered from a more severe vulnerability, CVE-2025-30406, which boasted a CVSS score of 9.0. Consequently, this exploitation raises pressing questions about existing software security.

Preventative Measures Recommended

Users can temporarily secure their systems by disabling the “temp” handler in the Web.config file for UploadDownloadProxy. Huntress emphasizes that this action might limit some platform functionalities but reduces the risk of exploitation until the company issues a patch.

While the tech community watches developments closely, the situation underlines the vulnerabilities present even in widely used software. Stakeholders must prioritize timely updates to mitigate such risks and safeguard valuable data. The path to enhanced cybersecurity relies on vigilance and proactive measures by both software vendors and users alike.

Expand Your Tech Knowledge

Explore the future of technology with our detailed insights on Artificial Intelligence.

Access comprehensive resources on technology by visiting Wikipedia.

DataProtection-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.