CVE-2025-14611
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
CVSS
—
No CVSS
EPSS
50.9%
p99
KEV
YES
Dec 15, 2025
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Gladinet / CentreStack and Triofox
Vulnerability
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
Added to KEV
Dec 15, 2025
Remediate by
Jan 5, 2026
Known ransomware use
No
Summary description
Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes
https://www.centrestack.com/p/gce_latest_release.html ; https://access.triofox.com/releases_history/; https://support.centrestack.com/hc/en-us/articles/360007159054-Hardening-the-CentreStack-Cluster#h_01JQRV57T37HJFQZKBZH9NBXQP ; https://nvd.nist.gov/vuln/detail/CVE-2025-14611