The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding an active vulnerability affecting Gladinet CentreStack and Triofox, two popular file synchronization and cloud storage solutions used by enterprises worldwide.
The vulnerability, classified as files or directories accessible to external parties, poses significant security risks to organizations relying on these platforms.
Vulnerability Details and Risk Assessment
The discovered flaw enables attackers to access sensitive files and system directories that should remain protected from external access.
This exposure could lead to unauthorized disclosure of confidential business data, configuration files, and system information.
CISA confirmed that threat actors are actively exploiting this vulnerability in real-world attacks, making immediate action essential for affected organizations.
The vulnerability stems from improper access control mechanisms within the affected products.
Files and directories containing sensitive information are inadvertently exposed to external parties due to insufficient security configurations.
This type of weakness, categorized under CWE-552, represents a fundamental security flaw that can have far-reaching consequences across affected infrastructure.
CISA has issued specific guidance for organizations using Gladinet CentreStack or Triofox.
The primary recommendation involves applying all available mitigations released by the vendors as quickly as possible.
Organizations must prioritize this update to prevent unauthorized access to their data.
For government agencies and contractors, compliance with BOD 22-01 requirements regarding cloud services is mandatory.
Organizations should evaluate their cloud service security posture and implement additional safeguards where necessary.
If vendors cannot provide adequate mitigations, CISA recommends considering discontinuation of the affected products until patches are deployed.
CISA added this vulnerability to its official advisory list on November 4, 2025, with an organizational compliance due date of November 25, 2025.
This compressed timeline reflects the active exploitation status and the severity of the threat. Organizations have three weeks to implement necessary remediation steps.
Security teams should immediately audit their infrastructure for Gladinet CentreStack and Triofox deployments, verify current versions, and prepare deployment of security patches.
Organizations should also review access logs to determine whether unauthorized access attempts have occurred.
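One way to carry out the access-log review described above, as an added example that is not from the advisory, CISA, or the vendor: it scans web-server access-log lines for requests whose decoded and normalized path leaves the application root or names a server configuration file, the kind of request through which a CWE-552 exposure would be reached. The sample log lines, the application root `/portal/`, and the sensitive-name pattern are constructed assumptions, not details taken from the page.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Nov/2025:10:01:02 +0000] "GET /portal/login HTTP/1.1" 200 512
203.0.113.7 - - [04/Nov/2025:10:01:09 +0000] "GET /portal/../../web.config HTTP/1.1" 200 1804
198.51.100.3 - - [04/Nov/2025:10:02:11 +0000] "GET /portal/files/%2e%2e/%2e%2e/machine.config HTTP/1.1" 404 0
198.51.100.3 - - [04/Nov/2025:10:02:30 +0000] "GET /portal/files/report.pdf HTTP/1.1" 200 9031
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<size>\S+)$"
)
APP_ROOT = "/portal/"  # hypothetical application root; adjust per deployment
# Server-side files that should never be served to an external party (assumed list).
SENSITIVE_RE = re.compile(r"\.(?:config|bak|pfx|key)$", re.I)

def decode_path(raw):
    """Drop the query string and URL-decode repeatedly to defeat double encoding."""
    path = raw.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def classify(raw_path):
    """Return the reasons a request path is suspicious, or [] if it looks benign."""
    reasons = []
    decoded = decode_path(raw_path)
    if ".." in decoded:
        reasons.append("traversal sequence")
    resolved = normpath(decoded)  # collapses '..' so the final target is visible
    if not resolved.startswith(APP_ROOT):
        reasons.append("escapes app root")
    if SENSITIVE_RE.search(resolved):
        reasons.append("sensitive file name")
    return reasons

def find_suspicious(log_text):
    """Return (ip, status, resolved path, reasons) for every flagged log entry."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and (reasons := classify(m["path"])):
            hits.append((m["ip"], int(m["status"]), normpath(decode_path(m["path"])), reasons))
    return hits

if __name__ == "__main__":
    for ip, status, path, reasons in find_suspicious(SAMPLE_LOG):
        print(f"{ip} {status} {path}: {', '.join(reasons)}")
```

A 200 response on a flagged line deserves the most attention, since it indicates the file was actually served rather than merely requested.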
| Product | Vulnerability Type | CWE Classification | Severity | Impact | Status |
|---|---|---|---|---|---|
| Gladinet CentreStack | Files/Directories Accessible to External Parties | CWE-552 | High | Unintended System File Disclosure | Actively Exploited |
| Triofox | Files/Directories Accessible to External Parties | CWE-552 | High | Unintended System File Disclosure | Actively Exploited |
Organizations using Gladinet CentreStack or Triofox should treat this warning with the highest priority.
The active exploitation status means threat actors are currently targeting these vulnerabilities.
Immediate implementation of vendor-provided patches and security configurations is critical to prevent data breaches.
Security teams must act within the three-week compliance window to protect their infrastructure from unauthorized access.