TROYANOSYVIRUS

CVE-2025-14611

CRITICAL | CISA KEV | CVSS 9.8

Description

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for publicly exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise.

CVE details

CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 12/12/2025
Last modified: 12/16/2025
Source: kev
Honeypot sightings: 0

CISA KEV

Vendor: Gladinet
Product: CentreStack and Triofox
Vulnerability name: Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
Date added to KEV: 2025-12-15
Remediation deadline: 2026-01-05
Ransomware use: Unknown

Affected products

gladinet:centrestack
gladinet:triofox

Weaknesses (CWE)

CWE-798

IOC correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.