Insecure Cryptography Vulnerability in Gladinet CentreStack and Triofox Products
CVE-2025-14611

7.1HIGH

Key Information:

Vendor: Gladinet
Status: Centrestack And Triofox
Vendor: CVE Published:; 12 December 2025

What is CVE-2025-14611?

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 contain hardcoded values in their AES cryptoscheme implementation, leading to weakened security for publicly exposed endpoints. This vulnerability may result in arbitrary local file inclusion through specially crafted requests that bypass authentication, potentially enabling future exploitation and system compromise when combined with existing vulnerabilities.

Affected Version(s)

CentreStack and TrioFox 0 < 16.12.10420.56791

References

https://www.huntress.com/blog/active-exploitation-gladine...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2025
Vulnerability Reserved
Dec 12, 2025

Credit

Bryan Masters

John Hammond

JSON