Cyber Posture

CVE-2025-14611

Critical · CISA KEV · Active Exploitation · Public PoC

Published: 12 December 2025

Modified: 16 December 2025
KEV Added: 15 December 2025
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.5509 (98.1 percentile)
Risk Priority: 73 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-14611 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Gladinet CentreStack. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE is ranked in the top 1.9% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 3 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-2, Flaw Remediation): Directly remediates the hardcoded AES values and the associated local file inclusion flaw by requiring timely patching to the fixed version 16.12.10420.56791 or later.

Prevent (SC-13, Cryptographic Protection): Mandates NIST-approved cryptographic implementations without hardcoded values, preventing degradation of AES security on public endpoints.

Prevent: Validates and sanitizes inputs from crafted unauthenticated requests, mitigating arbitrary local file inclusion even if the crypto is flawed.

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1059.001 PowerShell (Execution)
Adversaries may abuse PowerShell commands and scripts for execution.

T1105 Ingress Tool Transfer (Command and Control)
Adversaries may transfer tools or other files from an external system into a compromised environment.

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The insecure hardcoded AES values enable unauthenticated LFI, which collects data from the local system (T1005) and leads to RCE on a public-facing application (T1190); observed exploitation uses PowerShell (T1059.001) to download further tools (T1105).

NVD Description

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise.

Deeper analysis

CVE-2025-14611 is a critical-severity vulnerability (CVSS 9.8) affecting Gladinet CentreStack and Triofox versions prior to 16.12.10420.56791. It stems from the use of hardcoded values in the implementation of the AES cryptoscheme (CWE-798), which degrades the security of public-facing endpoints that rely on this encryption. This flaw enables arbitrary local file inclusion via specially crafted unauthenticated requests, potentially exposing sensitive data or facilitating further compromise.

Attackers can exploit this vulnerability remotely over the network with low complexity and no required privileges or user interaction. A crafted request to an exposed endpoint needs no authentication; because the AES values are hardcoded, the cryptographic protection on that endpoint no longer holds and the request can achieve local file inclusion. When chained with prior vulnerabilities, this can lead to full system compromise, with high confidentiality, integrity, and availability impacts.

Advisories highlight the need to upgrade to version 16.12.10420.56791 or later to mitigate the issue. The Huntress blog details active exploitation of this insecure cryptography flaw in Gladinet CentreStack and Triofox, while CISA has added CVE-2025-14611 to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch within specified timelines.

In real-world context, exploitation is actively occurring, as evidenced by Huntress reporting and CISA's KEV inclusion, emphasizing immediate patching for exposed instances.

Details

CWE(s): CWE-798 (Use of Hard-coded Credentials)

Affected Products

gladinet centrestack ≤ 16.12.10420.56791
gladinet triofox ≤ 16.12.10420.56791

CVEs Like This One

CVE-2025-11371 · Same product: Gladinet CentreStack · both on KEV
CVE-2025-12480 · Same product: Gladinet Triofox · both on KEV
CVE-2026-22769 · Shared CWE-798 · both on KEV
CVE-2026-35503 · Shared CWE-798
CVE-2017-20234 · Shared CWE-798
CVE-2026-32834 · Shared CWE-798
CVE-2026-27073 · Shared CWE-798
CVE-2026-30701 · Shared CWE-798
CVE-2020-36911 · Shared CWE-798
CVE-2025-42890 · Shared CWE-798

References