CVE-2025-14611 · CRITICAL 9.8 · CISA KEV · EPSS p98.8%

CVE-2025-14611: Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability

Gladinet / CentreStack and Triofox

Description

Gladinet CentreStack and Triofox contain a hard-coded cryptographic keys vulnerability in their implementation of the AES cryptoscheme. This vulnerability degrades security for publicly exposed endpoints that may make use of it, and may allow arbitrary local file inclusion through a specially crafted request sent without authentication.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 50.95% probability of exploitation · percentile 98.8% · 2026-06-18T12:00:27Z
Published: 2025-12-12
Last modified: 2025-12-16

CISA KEV entry

Added to KEV: 2025-12-15

Underlying weaknesses · 1

CWE-798

References

  1. https://www.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability
  2. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14611

1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Use of Hard-coded Credentials (cwe-798) | 0% | live |

(incoming) · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability (kev-cve-2025-14611) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability
  2. CVE: Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability
  3. CVE: Gladinet Triofox Improper Access Control Vulnerability
  4. CVE: CVE-2025-56577
  5. CVE: CVE-2026-11505
  6. CVE: CVE-2026-49201

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.