By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Hard-Coded AES Cryptographic Values Leading to Authentication Bypass Conditions and Potential Local File Inclusion in Gladinet CentreStack and Triofox
CVSS Score: 7.1
Identifier: CVE-2025-14611
Exploit or Proof of Concept (PoC): CVE-2025-14611 is confirmed exploited in the wild.
Update:
Affected products: Gladinet CentreStack and Triofox versions prior to 16.12.10420.56791.
Remediation: Upgrade to 16.12.10420.56791 or later for both CentreStack and Triofox. https://www.centrestack.com/p/gce_latest_release.html
https://access.triofox.com/releases_history/
CVE-2025-14611 is caused by hard-coded values in the AES-based cryptographic scheme that both products implement. Because those values are fixed rather than generated per installation, the cryptographic protection on publicly exposed endpoints that rely on the scheme is weakened, and specially crafted unauthenticated requests may result in arbitrary local file inclusion.
Patch immediately by upgrading CentreStack and Triofox to 16.12.10420.56791 or later.
Treat any internet-facing or externally reachable instances as high-risk until patched; reduce exposure by restricting access to trusted IP ranges/VPN only.
Review server and application logs for suspicious unauthenticated requests to file-handling or API endpoints and unusual file read/access patterns.
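To act on the upgrade and exposure guidance above across a fleet, the following added example (not RedLegg's or Gladinet's code) compares reported CentreStack/Triofox versions against the fixed build from this bulletin and ranks hosts by urgency. It assumes versions are reported as four dotted integers, as in the bulletin, and uses a constructed inventory; the host names and version values are placeholders.

```python
# Fixed build from the bulletin; applies to both CentreStack and Triofox.
FIXED_VERSION = "16.12.10420.56791"

def parse_version(text):
    """Turn '16.12.10420.56791' into (16, 12, 10420, 56791); None if malformed."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when the build sorts before the fixed build, None when unparseable.
    Tuple comparison treats a shorter prefix (e.g. '16.12') as older, which is
    the conservative choice when a host reports a truncated version."""
    v = parse_version(version)
    if v is None:
        return None
    return v < parse_version(fixed)

def triage(inventory):
    """Rank hosts: unpatched and internet-facing -> 'critical', unpatched
    internal -> 'high', unknown version -> 'verify', patched -> 'ok'.
    Returns a list of (host, product, status) sorted by urgency."""
    rows = []
    for h in inventory:
        vuln = is_vulnerable(h["version"])
        if vuln is None:
            status = "verify"
        elif not vuln:
            status = "ok"
        elif h["internet_facing"]:
            status = "critical"
        else:
            status = "high"
        rows.append((h["host"], h["product"], status))
    order = {"critical": 0, "high": 1, "verify": 2, "ok": 3}
    return sorted(rows, key=lambda r: order[r[2]])

# Constructed sample inventory (placeholder hosts and versions, not real data).
INVENTORY = [
    {"host": "files-ext.example.test", "product": "CentreStack", "version": "16.12.10420.56790", "internet_facing": True},
    {"host": "files-int.example.test", "product": "Triofox", "version": "16.12.10420.56791", "internet_facing": False},
    {"host": "legacy.example.test", "product": "Triofox", "version": "15.0.0.1", "internet_facing": False},
    {"host": "agentless.example.test", "product": "CentreStack", "version": "unknown", "internet_facing": True},
]

if __name__ == "__main__":
    for host, product, status in triage(INVENTORY):
        print(f"{status:8} {product:12} {host}")
```

Hosts marked "critical" match the bulletin's high-risk category and should be patched or access-restricted first; "verify" hosts need their version confirmed before they can be cleared.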