CVE-2025-14611
CRITICAL | CISA KEV | 9.8
Description
Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for publicly exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 12/12/2025
Last modified: 12/16/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Gladinet
Product: CentreStack and Triofox
Vulnerability name: Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
Date added to KEV: 2025-12-15
Remediation due date: 2026-01-05
Ransomware use: Unknown
Affected products
gladinet:centrestack
gladinet:triofox
Weaknesses (CWE)
CWE-798
References
https://www.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability (5dacb0b8-2277-4717-899c-254586fe4912)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14611 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.