Detection for CVE-2025-11371

# CVE-2025-11371
In the default installation and configuration of Gladinet CentreStack and Triofox, there is an unauthenticated Local File Inclusion flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: all versions prior to and including 16.7.10368.56560.
## How does this detection method work?
This detection script works by sending a GET request to the CentreStack login page, extracting the build version number from the response body using regex, and then checking if that version is less than or equal to 16.7.10368.56560 to determine if the system is vulnerable to CVE-2025-11371.
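The version check described above, sketched in Python as an added example (it is not the template's own code). The regex and the sample response bodies are assumptions constructed for illustration; only the threshold 16.7.10368.56560 comes from this page. The build is compared as a tuple of integers, because a plain string comparison would wrongly rank `16.10.x` below `16.7.x`.

```python
import re

# Last affected build, as stated in the advisory text on this page.
LAST_AFFECTED = (16, 7, 10368, 56560)

# Assumption: the build shows up in the login page body as a four-part
# dotted number. The real template's regex is not shown on this page.
BUILD_RE = re.compile(r"(?<![\d.])(\d{1,5})\.(\d{1,5})\.(\d{1,6})\.(\d{1,6})(?![\d.])")


def extract_build(body):
    """Return the first four-part build number in body as a tuple of ints, or None."""
    match = BUILD_RE.search(body)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(body):
    """Return 'affected', 'not-affected' or 'unknown' for a login page body."""
    build = extract_build(body)
    if build is None:
        # No version found: report unknown rather than treating the host as clean.
        return "unknown"
    # Tuples compare element by element as integers, so 16.10 > 16.7.
    return "affected" if build <= LAST_AFFECTED else "not-affected"


# Constructed sample bodies (not captured from a real server).
SAMPLES = {
    "boundary": '<script src="/portal/app.js?v=16.7.10368.56560"></script>',
    "older": '<link href="/portal/site.css?v=15.2.100.200">',
    "newer": '<script src="/portal/app.js?v=16.10.1.1"></script>',
    "no_version": "<html><body>Sign in</body></html>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:<11} build={extract_build(body)} -> {classify(body)}")
```
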
## How do I run this script?
1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com -t template.yaml`
### Example Output
<img width="772" height="77" alt="image" src="https://github.com/user-attachments/assets/08a38a4b-0306-473f-a42e-f3d374950e80" />
## References
- https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw
- https://www.cve.org/CVERecord?id=CVE-2025-11371
## Disclaimer
Use at your own risk. I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
---
## Contact
Feel free to reach out via [Signal](https://signal.me/#eu/0Qd68U1ivXNdWCF4hf70UYFo7tB0w-GQqFpYcyV6-yr4exn2SclB6bFeP7wTAxQw) if you have any questions.