CVE-2025-14611
Published Dec 12, 2025
Last updated 3 months ago
- Description
- Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for publicly exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise.
- Source
- 5dacb0b8-2277-4717-899c-254586fe4912
- NVD status
- Analyzed
- Products
- centrestack, triofox
CVSS 4.0
- Type
- Secondary
- Base score
- 7.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
- Exploit added on
- Dec 15, 2025
- Exploit action due
- Jan 5, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-798
- Hype score
- Not currently trending
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-14611 #Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability https://t.co/2pyjBA6FmQ
@ScyScan
22 Dec 2025
. @Horizon3Attack has released a Rapid Response test for CVE-2025-14611, affecting Gladinet CentreStack. 🧵 https://t.co/P6V3Awyk1e
@Horizon3ai
19 Dec 2025
🚨 CVE-2025-14611 - critical 🚨 Gladinet CentreStack & Triofox - Hardcoded Credentials > Gladinet CentreStack and Triofox < 16.12.10420.56791 contain a hardcoded credentials ... 👾 https://t.co/fuD8hCHbgE @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
19 Dec 2025
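The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-14611 in Gladinet CentreStack and Triofox and CVE-2025-43529 in Apple WebKit to its Known Exploited Vulnerabilities Catalog. The remediation deadline is the standard one, 1/5. ランサムウェアによる悪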
@__kokumoto
15 Dec 2025
🛡️ We added Gladinet & Apple vulnerabilities CVE-2025-14611 & CVE-2025-43529 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/BXihRl42AI
@CISACyber
15 Dec 2025
CVE-2025-14611 Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for… https://t.co/OYJKo79wga
@CVEnew
13 Dec 2025
🚨 HIGH severity: CVE-2025-14611 in Gladinet CentreStack & TrioFox exposes weak AES crypto and unauth LFI risk before v16.12.10420.56791. Restrict public access, monitor for threats! 🔐 https://t.co/KyCdoAgULq #... https://t.co/D8SKz8yNJu
@offseq
13 Dec 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BBE25A56-77B1-415B-A1EB-186627ADF753",
            "versionEndExcluding": "16.12.10420.56791",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:gladinet:triofox:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4E01A5DF-260E-4838-9B8C-34F059079DC8",
            "versionEndExcluding": "16.12.10420.56791",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]