Overview

• Huntress reports in-the-wild use of CVE-2025-11371 since late September, with at least three customer environments affected.
• CVE-2025-11371 is an unauthenticated local file inclusion weakness impacting default installs up to version 16.7.10368.56560 across deployment types.
• Attackers can read the Web.config machineKey and then leverage the previously known CVE-2025-30406 ViewState deserialization issue to achieve remote code execution, including on systems patched for that earlier flaw.
• Gladinet has acknowledged the issue, is notifying customers, and is developing a fix, while Huntress has blocked observed activity and is withholding some technical details until a patch is available.
• Operators are advised to disable the "temp" handler in the UploadDownloadProxy Web.config at C:\Program Files (x86)\Gladinet Cloud Enterprise\UploadDownloadProxy\Web.config, which may reduce functionality until an official patch arrives.