Gladinet CentreStack Hardcoded AES & LFI prior to 16.12.10420.56791
CVE-2025-14611 Published on December 12, 2025

Gladinet CentreStack and TrioFox Hard Coded AES Keys
Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptographic scheme. This degrades security for publicly exposed endpoints that may make use of it, and may allow arbitrary local file inclusion when an unauthenticated, specially crafted request is provided. This opens the door to future exploitation and can be combined with previous vulnerabilities to gain full system compromise.

NVD

Known Exploited Vulnerability

This Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Gladinet CentreStack and TrioFox contain a hardcoded cryptographic key vulnerability in their implementation of the AES cryptographic scheme. This vulnerability degrades security for publicly exposed endpoints that may make use of it, and may allow arbitrary local file inclusion when an unauthenticated, specially crafted request is provided.

The following remediation steps are recommended / required by January 5, 2026: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weakness Type

Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.


Products Associated with CVE-2025-14611


Affected Versions

Gladinet CentreStack and TrioFox:

Exploit Probability

EPSS: 59.05%
Percentile: 98.23%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.