Huntress
-
Unauthenticated flaw in Gladinet CentreStack and Triofox (CVE-2025-11371) exploited in the wild
Security researchers say CVE-2025-11371, an unauthenticated local file inclusion in Gladinet CentreStack and Triofox, is being exploited in the wild; Huntress recommends removing a handler from the UploadDownloadProxy Web.config as a temporary mitigation while Gladinet prepares a patch.
-
Cybersecurity Firm Reports on Exploitation of Serious CrushFTP Vulnerability
Huntress has detailed alarming activities following exploitation of the CrushFTP vulnerability, demonstrating ongoing risks to critical sectors like marketing and retail. CISA has added the flaw to its KEV catalog, prompting renewed urgency for organizations to secure their systems.
