Gladinet CentreStack and Triofox workaround for CVE-2025-11371
Advisory/Mitigation
Summary
CentreStack and Triofox are affected by CVE-2025-11371, a local file inclusion zero-day that threat actors have abused since late September to read Web.config, extract the ASP.NET machine key, and chain into CVE-2025-30406 for remote code execution. Gladinet has released version 16.10.10408.56683 to fix the issue and previously advised a temporary workaround for customers who cannot upgrade. The workaround disables the temp handler in Web.config for the UploadDownloadProxy component, but it can impact some functionality.
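A way to confirm the workaround is in place on a given Web.config, as an added example rather than vendor or Huntress code. The sample configuration is constructed, and the assumption that the handler appears as an `<add>` entry whose `path` or `name` is `t.dn` is based only on the wording of the advisory.

```python
import xml.etree.ElementTree as ET

# Sections in which ASP.NET / IIS register request handlers.
HANDLER_SECTIONS = {"handlers", "httpHandlers"}
TARGET = "t.dn"  # handler named in the workaround text

# Constructed sample, not a real UploadDownloadProxy Web.config.
TEMP_LINE = '<add name="temp" verb="*" path="t.dn" type="Example.TempHandler" />'
SAMPLE_BEFORE = f"""<configuration>
  <system.webServer>
    <handlers>
      <add name="other" verb="*" path="other.dn" type="Example.OtherHandler" />
      {TEMP_LINE}
    </handlers>
  </system.webServer>
</configuration>"""
# Workaround applied by commenting the entry out; deleting it is equivalent.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(TEMP_LINE, f"<!-- {TEMP_LINE} -->")


def _local(tag: str) -> str:
    """Strip an XML namespace prefix such as '{uri}handlers'."""
    return tag.rsplit("}", 1)[-1]


def find_temp_handlers(web_config_xml: str) -> list[dict]:
    """Return the attributes of active handler entries that point to t.dn."""
    root = ET.fromstring(web_config_xml)  # XML comments are dropped by the parser
    hits = []
    for section in root.iter():
        if _local(section.tag) not in HANDLER_SECTIONS:
            continue
        for entry in section:
            if _local(entry.tag) != "add":
                continue
            for attr in ("path", "name"):
                value = entry.attrib.get(attr, "").strip().lower()
                # Compare the last path segment so "/t.dn" and "t.dn" both match.
                if value.rsplit("/", 1)[-1] == TARGET:
                    hits.append(dict(entry.attrib))
                    break
    return hits


def workaround_applied(web_config_xml: str) -> bool:
    """True when no active handler entry for t.dn remains."""
    return not find_temp_handlers(web_config_xml)
```
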
Cases
Related Happenings
Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)
Vulnerability
First: 18.05.2026 10:18
Last: 18.05.2026 10:18
Sources 1
About this happening:
A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...
Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)
Vulnerability
First: 14.05.2026 10:06
Last: 14.05.2026 10:06
Sources 1
About this happening:
**Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...
Latest development: 14.05.2026 16:00
Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.
cPanel security patch release for CVE-2026-29201
Security Patch Release
First: 09.05.2026 10:16
Last: 09.05.2026 10:16
Sources 1
About this happening:
**cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...
cPanel security patch release for CVE-2026-41940
Security Patch Release
First: 29.04.2026 12:37
Last: 29.04.2026 12:37
Sources 1
About this happening:
**cPanel** released **security updates** for **cPanel and WHM** after an **authentication bypass** flaw could let remote attackers reach control-panel access, with fixes now cover...
Latest development: 04.05.2026 22:14
CVE-2026-41940 in cPanel, WebHost Manager (WHM), and WP Squared was rapidly exploited after public disclosure, with Censys reporting attacks from multiple threat actors within 24 hours and about 15,000 potentially compromised instances in the first day. KnownHost said about 30 managed cPanel servers showed attempted exploitation, WatchTowr Labs published a PoC exploit and technical analysis, and Defused said much of the observed activity copied WatchTowr's PoC exactly.
cPanel and WHM authentication bypass (CVE-2026-41940)
Vulnerability
First: 29.04.2026 12:37
Last: 29.04.2026 12:37
Sources 1
About this happening:
**cPanel and WHM** are affected by **CVE-2026-41940**, an **authentication bypass** in the login flow that can let **unauthenticated remote attackers** gain control-panel access....
Timeline
-
10.10.2025 22:08 1 article · 7mo ago
Huntress observes active CVE-2025-11371 exploitation
Technical Analysis Update
Researchers at Huntress detected active exploitation of CVE-2025-11371 in Gladinet CentreStack and Triofox on September 27, when a threat actor used a Local File Inclusion flaw in the default installation to read Web.config, extract the machine key, and chain CVE-2025-30406 for remote code execution.
Sources:
- Hackers exploiting zero-day in Gladinet file sharing software — www.bleepingcomputer.com — 10.10.2025 22:08
-
10.10.2025 22:08 4 articles · 7mo ago
Gladinet issues workaround for CVE-2025-11371
Mitigation Patch Update
Gladinet confirmed it is notifying CentreStack and Triofox customers of a workaround for CVE-2025-11371 on 2025-10-10, instructing them to disable the temp handler in the Web.config file for UploadDownloadProxy and remove the line that points to t.dn until a patch is available; the vendor warned that the change will impact some functionality of the platform.
Sources:
- Hackers exploiting zero-day in Gladinet file sharing software — www.bleepingcomputer.com — 10.10.2025 22:08
- Hackers exploiting zero-day in Gladinet file sharing software — www.bleepingcomputer.com — 10.10.2025 22:08
- Gladinet fixes actively exploited zero-day in file-sharing software — www.bleepingcomputer.com — 16.10.2025 18:11
- Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks — www.bleepingcomputer.com — 11.12.2025 23:49