Zero-day in file-sharing software leads to RCE, and attacks are ongoing

Security research firm Huntress is warning all users of Gladinet's CentreStack and Triofox file-sharing tools to urgently apply an available mitigation, as a zero-day is being actively exploited and there's no patch available. Tracked as CVE-2025-11371 (severity 6.2), the local file inclusion vulnerability is the second bug …

  1. veti Silver badge

    But don't patch?

    Your teaser says you're not advocating patching. But your article neglects to say why.

    1. JessicaRabbit

      Re: But don't patch?

      From TFA:

      Security research firm Huntress is warning all users of Gladinet's CentreStack and Triofox file-sharing tools to urgently apply an available mitigation, as a zero-day is being actively exploited and *there's no patch available.*

  2. jezza99

    What is Gladinet?

    I’m so glad I don’t know the answer to that question

  3. This post has been deleted by its author

  4. Anonymous Coward

    What does it run on?

    ‘.. users are recommended to disable the "temp" handler within the Web.config file for UploadDownloadProxy located at "C:\Program Files (x86)\Gladinet Cloud Enterprise\UploadDownloadProxy\Web.config."’

    1. kmorwath

      Re: What does it run on?

      The path itself shows they have no clue how to properly deploy a web application under Windows. Nor any application, for that matter.

      No surprise the web.config file wasn't hardened - but you can obtain the same results with bad .htaccess files or the like under Linux as well.

  5. sin

    People should learn once and for all

    "secure" and "VPN-free" don't go into the same sentence when we talk about "remote file access", or any other access to private data.

    NO EXCEPTIONS!
