Gladinet file sharing zero-day brings patched flaw back from the dead

What to do: All versions of CentreStack and Triofox file sharing servers up to and including 16.7.10368.56560 are vulnerable to CVE-2025-11371. The bad news is that Gladinet has yet to issue a patch for this, which means that for the time being the best customers can do is to apply the recommended mitigation.

Luckily, according to Huntress, it’s fairly simple: disable the temp handler within the Web.config file for UploadDownloadProxy located at: C:\Program Files (x86)\Gladinet Cloud Enterprise\UploadDownloadProxy\Web.config

“This will impact some functionality of the platform; however, it will ensure that this vulnerability cannot be exploited until it is patched,” said Huntress.

Gladinet seems to have discovered the flaw independently of Huntress via a mutual customer and is notifying other customers of the mitigation.

The flaw’s discovery reinforces that good SOC controls can often pick up exploits even when the flaw being exploited is unknown. In this case, it was “an irregular base64 payload being executed as a child of a web server process,” said the Huntress alert.

“Don’t assume that being ‘fully patched’ means being secure,” Huntress director of adversary tactics, Jamie Levy, told CSO Online. “The new Gladinet local file inclusion flaw shows how post-patch regressions can reintroduce critical risk paths. When in doubt, isolate or disable vulnerable handlers immediately, even at the cost of some functionality, to close exploit windows until the vendor releases a validated patch,” he said.

File sharing and file transfer systems are now a regular target for attackers looking to steal data for extortion, recent examples of which include a vulnerability in Fortra’s GoAnywhere MFT software, and the 2023 attack affecting 2,600 organizations using the MOVEit file transfer service.
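The Huntress detection described above (a base64 payload spawned as a child of a web server process) can be expressed as a simple hunt over process-creation telemetry. The following is an added example, not code from the article or from Huntress; the event records are constructed, the web server process list is an assumption (IIS `w3wp.exe` is the likely host for a Windows application such as this one), and the encoded command is a benign `Get-Process` used only to exercise the check.

```python
import base64
import re

# Assumption: parent process names that identify a web server worker on the host.
WEB_SERVER_PARENTS = {"w3wp.exe", "httpd.exe", "nginx.exe", "tomcat.exe"}

# A run of base64 alphabet characters long enough to carry a command, with optional padding.
BASE64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def encoded_command(ps_script):
    """Encode a script the way PowerShell's -EncodedCommand expects it (UTF-16LE, then base64)."""
    return base64.b64encode(ps_script.encode("utf-16-le")).decode()


# Constructed sample events shaped like a typical process-create record (parent, image, cmdline).
# Only the first one should be flagged: web server parent plus a base64 blob on the command line.
ENC = encoded_command("Get-Process | Select-Object -First 3")
SAMPLE_EVENTS = [
    {"parent": "w3wp.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc " + ENC},
    {"parent": "w3wp.exe", "image": "cmd.exe",
     "cmdline": "cmd.exe /c echo hello"},
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -enc " + ENC},
]


def looks_like_base64(token):
    """True only if the token decodes cleanly as strict base64 (correct alphabet and padding)."""
    try:
        base64.b64decode(token, validate=True)
        return True
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def flag_events(events):
    """Return (event, token) pairs where a web server process spawned a child whose
    command line carries a blob that decodes as base64; one hit per event."""
    hits = []
    for ev in events:
        if ev["parent"].lower() not in WEB_SERVER_PARENTS:
            continue
        for token in BASE64_RE.findall(ev["cmdline"]):
            if looks_like_base64(token):
                hits.append((ev, token))
                break
    return hits


if __name__ == "__main__":
    for ev, token in flag_events(SAMPLE_EVENTS):
        print(f"suspicious: {ev['parent']} -> {ev['image']} (base64 blob of {len(token)} chars)")
```

Long hex strings or certificate material on legitimate command lines can also satisfy the regex, so in production pair this with an allowlist of known child processes per web server and tune the minimum token length.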

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4071773/gladinet-file-sharing-zero-day-brings-patched-flaw-back-from-the-dead.html
