Gladinet fixes actively exploited zero-day in file-sharing software www.bleepingcomputer.com/news/secu…
Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September.
The local file inclusion (LFI) vulnerability enabled attackers to read the Web.config file on fully patched CentreStack deployments, extract the machine key, and then use it to exploit CVE-2025-30406.
When Huntress warned of the zero-day attacks, Gladinet provided mitigations for customers and was in the process of developing a patch.
The security update that addresses CVE-2025-11371 is now available in CentreStack version 16.10.10408.56683, and administrators are strongly advised to install it.