CVE-2025-14611 - Gladinet CentreStack and Triofox
AI Vulnerability ContextGladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabili...
Overview
A source-backed snapshot of this vulnerability.
Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise.
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
- CVE ID
- CVE-2025-14611
- Vendor/project
- Gladinet
- Product
- CentreStack and Triofox
- Vulnerability name
- Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
- Date added
- 2025-12-15
- Due date
- 2026-01-05
- Known ransomware campaign use
- Unknown
- CVSS v3
- 9.8
- CVSS v4
- 7.1
Exploit context
What the vulnerability is about.
Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
