Filtered by vendor Gladinet
Subscribe
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-12480 | 1 Gladinet | 1 Triofox | 2025-11-14 | N/A | 9.1 CRITICAL |
| Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete. | |||||
| CVE-2025-30406 | 1 Gladinet | 1 Centrestack | 2025-11-05 | N/A | 9.0 CRITICAL |
| Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config. | |||||
| CVE-2025-11371 | 1 Gladinet | 2 Centrestack, Triofox | 2025-11-05 | N/A | 7.5 HIGH |
| In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560 | |||||