Tag: Local File Inclusion
-
Exploited Zero-Day: Critical Gladinet/Triofox Flaw CVE-2025-11371 Allows RCE via LFI
Analysts at Huntress have detected active exploitation attempts targeting a newly discovered vulnerability in CentreStack and TrioFox products by Gladinet. Tracked as CVE-2025-11371, the flaw is classified as a Local File Inclusion (LFI) vulnerability that may allow unauthorized access to system files. The issue affects all versions up to and including 16.7.10368.56560, and as of…
-
Critical Unity Flaw CVE-2025-59489 Exposes Games Built Since 2017 to Local Code Execution
Researcher RyotaK of GMA Flatt Security discovered a serious vulnerability in the Unity game engine—tracked as CVE-2025-59489—which allows a co-resident application on the same device to inject additional command-line parameters into Unity games, creating an avenue to load malicious code alongside the game. The analysis was performed on Android devices, but the researcher warns the…