Cyber Posture

CVE-2025-14611

Critical · CISA KEV · Active Exploitation · Public PoC

Published: 12 December 2025
Modified: 16 December 2025
KEV Added: 15 December 2025
Patch: upgrade to version 16.12.10420.56791 or later
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.5835 (98.2nd percentile)
Risk Priority: 75 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values in their implementation of the AES cryptoscheme. This degrades security for publicly exposed endpoints that make use of it and may allow arbitrary local file inclusion when such an endpoint is provided a specially crafted request without authentication. This opens the door for further exploitation and can be chained with previous vulnerabilities to achieve full system compromise.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

prevent: Directly remediates the hardcoded AES values and the associated local file inclusion flaw by requiring timely patching to the fixed version 16.12.10420.56791 or later.

prevent: Mandates NIST-approved cryptographic implementations without hardcoded values, preventing degradation of AES security on public endpoints.

prevent: Validates and sanitizes input from crafted unauthenticated requests, mitigating arbitrary local file inclusion even if the cryptography is flawed.

Security Summary [AI-generated]

CVE-2025-14611 is a critical-severity vulnerability (CVSS 9.8) affecting Gladinet CentreStack and Triofox versions prior to 16.12.10420.56791. It stems from the use of hardcoded values in the implementation of the AES cryptoscheme (CWE-798), which degrades the security of public-facing endpoints that rely on this encryption. The flaw enables arbitrary local file inclusion via specially crafted unauthenticated requests, potentially exposing sensitive data or facilitating further compromise.

Attackers can exploit this vulnerability remotely over the network with low complexity and no required privileges or user interaction. Because the AES key material is hardcoded, the cryptographic protection on the affected endpoint can be defeated, so a crafted request to an exposed instance needs no authentication and can trigger local file inclusion. When chained with prior vulnerabilities, this can lead to full system compromise, with high confidentiality, integrity, and availability impacts.

Advisories highlight the need to upgrade to version 16.12.10420.56791 or later to mitigate the issue. The Huntress blog details active exploitation of this insecure cryptography flaw in Gladinet CentreStack and Triofox, while CISA has added CVE-2025-14611 to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch within specified timelines.

In real-world context, exploitation is actively occurring, as evidenced by Huntress reporting and CISA's KEV inclusion, emphasizing immediate patching for exposed instances.

Details

CWE(s): CWE-798 (Use of Hard-coded Credentials)
KEV Date Added: 15 December 2025

Affected Products

gladinet / centrestack: ≤ 16.12.10420.56791
gladinet / triofox: ≤ 16.12.10420.56791

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1059.001 PowerShell (Execution)
Adversaries may abuse PowerShell commands and scripts for execution.
T1105 Ingress Tool Transfer (Command and Control)
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Insecure hardcoded AES enables unauthenticated LFI for data collection from the local system (T1005) and RCE on the public-facing application (T1190); observed exploitation uses PowerShell (T1059.001) to download tools (T1105).
