COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-14611

CVE-2025-14611

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2025-12-15
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-14611
⌖ exploited in the wild shame 50/100 exploited-in-wild

Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when prov

Players implicated

Gladinet · vendorCentreStack and Triofox · product

Description

Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.