CVE-2025-14611
CRITICAL | CISA KEV | 9.8
Description
Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for publicly exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided with a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 12/12/2025
Last modified: 12/16/2025
Source: kev
Honeypot observations: 0
CISA KEV
Vendor: Gladinet
Product: CentreStack and Triofox
Vulnerability name: Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
Date added to KEV: 2025-12-15
Remediation due date: 2026-01-05
Used in ransomware: Unknown
Affected products
gladinet:centrestack
gladinet:triofox
Weaknesses (CWE)
CWE-798
References
https://www.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability (5dacb0b8-2277-4717-899c-254586fe4912)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14611 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlation recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.