CVE-2025-14611

Dec. 16, 2025, 1:48 p.m.

7.1
High

Description

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values in their implementation of the AES cryptoscheme. This degrades security for publicly exposed endpoints that may make use of it, and may allow arbitrary local file inclusion via a specially crafted request without authentication. This opens the door to future exploitation and can be combined with previous vulnerabilities to gain a full system compromise.

Product(s) Impacted

Vendor Product Versions
Gladinet Centrestack *
Gladinet Triofox *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a gladinet centrestack / / / / / / / /
a gladinet triofox / / / / / / / /

CVSS Score

7.1 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Exploit Maturity: ATTACKED
  • CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

Published: Dec. 12, 2025, 9:15 p.m.
Last Modified: Dec. 16, 2025, 1:48 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

Source

5dacb0b8-2277-4717-899c-254586fe4912

Relations

Here is the list of observables linked to the vulnerability CVE-2025-14611 using threat intelligence.

  • CentreStack and Triofox

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.