CVE-2025-14611

UNKNOWN 0.0

⚠️ CISA KEV

Gladinet CentreStack and TrioFox Hard Coded AES Keys

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise.

Vendor	gladinet
Product	centrestack and triofox
Published	Dec 12, 2025
Last Updated	Feb 26, 2026

⚠️ Actively Exploited — Act Now

Get instant alerts for gladinet centrestack and triofox

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2025-14611.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Gladinet / CentreStack and TrioFox

0 < 16.12.10420.56791

References

NVD ↗ CVE.org ↗ EPSS Data ↗

huntress.com: https://www.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14611

Credits

Bryan Masters John Hammond