Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Gladinet Fixes Actively Exploited Zero-Day in File-Sharing Software




Gladinet has taken swift action in response to an actively exploited zero-day vulnerability found in its CentreStack business solution. This move underscores the importance of constant vigilance on the part of organizations using Gladinet's services, as well as the need for proactive security measures to safeguard against increasingly sophisticated threats.

  • Gladinet has released a security update to address a local file inclusion vulnerability (CVE-2025-11371) in its CentreStack business solution.
  • The vulnerability allows attackers to read any file the SYSTEM account can access, including Web.config, which contains the ASP.NET machine key.
  • A minimal proof-of-concept exploit was published by researchers at cybersecurity platform Huntress, showing that the flaw is a bypass for mitigations Gladinet had implemented for the previously identified vulnerability.
  • Gladinet has provided fixes and updates to CentreStack version 16.10.10408.56683, which is now recommended for all users.
  • The impact of this vulnerability cannot be overstated, as malicious actors have already exploited it to attack fully patched CentreStack deployments.



  • The cybersecurity landscape is a perpetual battleground where threats and vulnerabilities constantly evolve, forcing organizations to adapt their security measures at every turn. In the latest chapter of this ongoing saga, Gladinet has emerged as a champion, releasing a security update that addresses a local file inclusion vulnerability (CVE-2025-11371) in its CentreStack business solution, thereby stemming the tide of actively exploited zero-days in the wake of a recent attack.

    The root cause of the LFI issue is a sanitization failure at the temp-download handler, reachable at /storage/t.dn, which accepts an 's=' parameter, leading to directory traversal. This vulnerability allows attackers to read any file the SYSTEM account can access, including Web.config, which contains the ASP.NET machine key. The combination of this vulnerability with CVE-2025-30406 - a deserialization vulnerability that leads to remote code execution (RCE) - enables threat actors to forge malicious ViewState payloads that can be deserialized by the server due to the former, ultimately resulting in RCE.

    Researchers at cybersecurity platform Huntress disclosed the exploitation activity last week, stating that the flaw was a bypass for mitigations Gladinet had implemented for the previously identified vulnerability. The Huntress team published technical details on CVE-2025-11371, including a minimal proof-of-concept exploit.

    In an effort to assist its customers in mitigating this threat, Gladinet quickly provided fixes and updates to CentreStack version 16.10.10408.56683, which is now recommended for all users. For those whose installations pose technical challenges, administrators are advised to disable the temp handler in the Web.config file for the UploadDownloadProxy component by removing the line that defines it.

    The impact of this vulnerability cannot be overstated, as malicious actors have already exploited it to attack fully patched CentreStack deployments. This underscores the need for constant vigilance on the part of organizations using Gladinet's services. By acknowledging and addressing such vulnerabilities promptly, businesses can safeguard their assets against increasingly sophisticated attacks.

    Furthermore, this development serves as a reminder that no security solution is foolproof, and that even well-established firms must stay vigilant in their pursuit of security excellence. As the cybersecurity landscape continues to evolve at breakneck speeds, organizations must remain proactive in monitoring their systems for potential vulnerabilities and take swift action upon discovering them.

    In conclusion, Gladinet's swift response to this actively exploited zero-day highlights the company's commitment to customer safety and its dedication to mitigating threats that might otherwise go undetected. As threat actors continually seek new avenues through which to exploit vulnerabilities, organizations must prioritize proactive security measures to safeguard their data and maintain a strong defense posture.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Gladinet-Fixes-Actively-Exploited-Zero-Day-in-File-Sharing-Software-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/gladinet-fixes-actively-exploited-zero-day-in-file-sharing-software/

  • https://forbespanama.com/gladinet-fixes-actively-exploited-zero-day-in-file-sharing-software-program/


  • Published: Fri Oct 17 03:11:18 2025 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us