A critical zero-day vulnerability, identified as CVE-2025-11371, has been discovered in Gladinet's CentreStack and Triofox products, leaving users at risk of exploitation. The flaw remains unpatched, prompting urgent warnings for businesses that use these products to strengthen their defenses against potential attacks.
Hackers have exploited a deserialization vulnerability in Gladinet CentreStack's file-sharing software, tracked as CVE-2025-30406, to breach storage servers since March 2025. The flaw, caused by a hardcoded machineKey, allows attackers to inject malicious payloads and execute code on affected systems. Gladinet has released security updates and recommends users upgrade or rotate the machineKey to mitigate risks.
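A check for the mitigation above, as an added example that is not Gladinet's tooling or code from the original report: it audits collected `web.config` files for a static ASP.NET `machineKey` and reports installs that still share the same key, which is what an unrotated shipped default looks like. The host names, file paths and key values are constructed placeholders.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample input: paths and key values are placeholders, not real keys.
def _cfg(machine_key_xml):
    return f"<configuration><system.web>{machine_key_xml}</system.web></configuration>"

SAMPLE_CONFIGS = {
    "host-a/web.config": _cfg('<machineKey validationKey="AAAA1111" decryptionKey="BBBB2222" />'),
    "host-b/web.config": _cfg('<machineKey validationKey="AAAA1111" decryptionKey="BBBB2222" />'),
    "host-c/web.config": _cfg('<machineKey validationKey="AutoGenerate,IsolateApps" '
                              'decryptionKey="AutoGenerate,IsolateApps" />'),
    "host-d/web.config": _cfg(""),  # no machineKey element at all
    "host-e/web.config": _cfg('<machineKey validationKey="CCCC3333" decryptionKey="DDDD4444" />'),
}

def audit_machine_key(xml_text):
    """Classify one web.config as ('absent' | 'autogenerated' | 'static', fingerprint)."""
    node = ET.fromstring(xml_text).find(".//machineKey")
    if node is None:
        # Without the element, ASP.NET falls back to auto-generated keys.
        return ("absent", None)
    keys = [node.get("validationKey", ""), node.get("decryptionKey", "")]
    if not any(k and not k.startswith("AutoGenerate") for k in keys):
        return ("autogenerated", None)
    # Report a truncated hash so the audit output never contains the key itself.
    fingerprint = hashlib.sha256("|".join(keys).encode()).hexdigest()[:16]
    return ("static", fingerprint)

def find_shared_keys(configs):
    """Return {fingerprint: [paths]} for static keys present on more than one install."""
    by_fingerprint = defaultdict(list)
    for path, text in configs.items():
        status, fingerprint = audit_machine_key(text)
        if status == "static":
            by_fingerprint[fingerprint].append(path)
    return {fp: sorted(p) for fp, p in by_fingerprint.items() if len(p) > 1}

if __name__ == "__main__":
    for path, text in SAMPLE_CONFIGS.items():
        print(path, *audit_machine_key(text))
    for fp, paths in find_shared_keys(SAMPLE_CONFIGS).items():
        print(f"shared machineKey {fp}: rotate on {', '.join(paths)}")
```

A static key that appears on only one install, like the constructed `host-e`, is what a completed rotation looks like and is not flagged.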