CVE-2025-14611CRITICAL · 9.8TrackedCISA KEV

Gladinet · CentreStack and Triofox

Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication.

Disclosed

2025-12-12

179 days ago

Status

no honeypot capture yet

on CISA KEV — watching

7-day events

across 0 distinct IPs

7-day spread

0 ASN · 0 cty

0 active days

Top ASNs

No events captured yet.

Top countries

No events captured yet.

References

https://www.centrestack.com/p/gce_latest_release.html
https://access.triofox.com/releases_history/
https://support.centrestack.com/hc/en-us/articles/360007159054-Hardening-the-CentreStack-Cluster#h_01JQRV57T37HJFQZKBZH9NBXQP
https://nvd.nist.gov/vuln/detail/CVE-2025-14611

↗ NVD ↗ CISA KEV ↗ Search analyses