CVE-2025-14611

High KEV CVSS: 7.1

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise.

Vendor

Gladinet

Product

Centrestack

CWE

CWE-798

Yayın Tarihi

2025-12-12 21:15:53

Güncelleme

2025-12-16 13:48:02

Source Identifier

5dacb0b8-2277-4717-899c-254586fe4912

KEV Date Added

2025-12-15

Kategoriler

CWE-798 Centrestack HIGH Gladinet 2025

Referanslar

https://www.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14611

Benzer Kayıtlar

Critical

CVE-2025-12480

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to init…

High

CVE-2025-11371

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local Fil…

Critical

CVE-2025-30406

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the…