Gladinet
-
Hard-coded cryptographic keys in Gladinet CentreStack and Triofox exploited to access web.config, Huntress says
Huntress warned that hard-coded cryptographic keys in Gladinet CentreStack and Triofox allow attackers to decrypt or forge access tickets and retrieve web.config files, enabling ViewState deserialization attempts; nine organisations have been affected and vendors have released updates.
-
Researchers: Actors abused Triofox antivirus feature to execute code as SYSTEM
Researchers say the UNC6485 cluster exploited CVE-2025-12480 in Gladinet Triofox by spoofing a localhost host header to bypass authentication, then abused the product’s antivirus configuration to run a malicious payload as SYSTEM; vendors have released patches and investigators provided indicators of compromise.
-
Unauthenticated flaw in Gladinet CentreStack and Triofox (CVE-2025-11371) exploited in the wild
Security researchers say CVE-2025-11371, an unauthenticated local file inclusion in Gladinet CentreStack and Triofox, is being exploited in the wild; Huntress recommends removing a handler from the UploadDownloadProxy Web.config as a temporary mitigation while Gladinet prepares a patch.
