This article details a vulnerability in Triofox that allowed unauthenticated remote access, enabling attackers to bypass authentication and execute arbitrary code. Mandiant discovered that this flaw was exploited by a threat group, allowing them to create admin accounts and run malicious scripts. The issue has been patched in newer versions of the software.

Hackers exploited a zero-day vulnerability in Triofox, a file-sharing platform, to bypass authentication and deploy malicious payloads. They manipulated HTTP host headers to gain access and configured the system's anti-virus feature to run their own scripts, allowing further exploitation.

A critical zero-day vulnerability, identified as CVE-2025-11371, has been discovered in Gladinet's Centrestack and Triofox products, leaving users at risk of exploitation. The flaw remains unpatched, prompting urgent warnings for businesses utilizing these services to enhance their security measures against potential attacks.