CISA Warns of Gladinet CentreStack and Triofox Vulnerability Exploited in Attacks


CISA has issued a warning about a hardcoded cryptographic key vulnerability affecting the Gladinet CentreStack and Triofox file management products, and reports that the flaw is being exploited in attacks.

The vulnerability, tracked as CVE-2025-14611, poses a significant risk to organizations running these widely deployed enterprise file-sharing platforms.

The flaw lies in how Gladinet CentreStack and Triofox implement their AES cryptographic scheme: the key is hardcoded in the application rather than generated per installation.

Because every deployment shares the same embedded key, an attacker who extracts it from one copy of the software can forge the values that key is supposed to protect, bypass authentication, and gain unauthorized access to the affected system.

Authentication Bypass and File Inclusion Risks

The vulnerability affects publicly exposed endpoints, so remote threat actors can reach them without any user credentials.

Most critically, successful exploitation enables arbitrary local file inclusion. By crafting malicious requests, attackers can retrieve sensitive files from affected systems.
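The following is an added illustration of the weakness class the article describes (CWE-798, a key baked into the application that lets an unauthenticated client forge a request and read files outside the intended directory). It is constructed for this page, is not Gladinet code, and does not reproduce the actual CentreStack or Triofox flaw or its endpoints. HMAC-SHA256 from the Python standard library stands in for the products' AES scheme so the example runs offline; the point is the shared key and the missing path containment, not the cipher. All names, paths and file contents are assumptions.

```python
"""CWE-798 illustration: a token-protected file endpoint with a hardcoded key.

Constructed example for this article, not Gladinet code. HMAC-SHA256 stands in
for the product's AES scheme; the weakness shown is the key shipped inside the
application and the unchecked file path, not the choice of primitive.
"""
import hashlib
import hmac
import secrets
import tempfile
from pathlib import Path

# --- Vulnerable pattern ------------------------------------------------------
# The same key is compiled into every installation. Anyone who reads the
# binary or a config file once has it forever. (Constructed placeholder value.)
HARDCODED_KEY = b"example-key-baked-into-the-binary"


def sign_request(key: bytes, path: str) -> str:
    """Build a 'path|mac' token; the server trusts paths whose MAC verifies."""
    mac = hmac.new(key, path.encode(), hashlib.sha256).hexdigest()
    return f"{path}|{mac}"


def vulnerable_serve(token: str, root: Path) -> bytes:
    """Verify the MAC under the shared key, then open the path as given.

    Two defects: the key is public knowledge, and the path is never checked
    to stay inside the share root, so '../' walks out of it (LFI).
    """
    path, _, mac = token.rpartition("|")
    expected = hmac.new(HARDCODED_KEY, path.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise PermissionError("bad token")
    return (root / path).read_bytes()


# --- Hardened pattern --------------------------------------------------------
def load_install_key(key_file: Path) -> bytes:
    """Per-installation secret created at install time and kept out of source."""
    if not key_file.exists():
        key_file.write_bytes(secrets.token_bytes(32))
    return key_file.read_bytes()


def hardened_serve(token: str, root: Path, key: bytes) -> bytes:
    """Verify under the per-installation key and confine the path to the root."""
    path, _, mac = token.rpartition("|")
    expected = hmac.new(key, path.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise PermissionError("bad token")
    resolved = (root / path).resolve()
    if not resolved.is_relative_to(root.resolve()):
        raise PermissionError("path escapes share root")
    return resolved.read_bytes()


def demo() -> dict:
    """Set up a constructed share and show the forged-token outcome under each version."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        root = base / "share"
        root.mkdir()
        (root / "report.txt").write_text("quarterly report")
        # A sensitive file that sits outside the share root (constructed).
        (base / "web.config").write_text("connectionString=...")
        key = load_install_key(base / "install.key")
        results = {}

        # Legitimate request: both versions serve the file inside the root.
        results["legit_vuln"] = vulnerable_serve(sign_request(HARDCODED_KEY, "report.txt"), root)
        results["legit_hard"] = hardened_serve(sign_request(key, "report.txt"), root, key)

        # Attacker who extracted the hardcoded key forges a traversal token.
        forged = sign_request(HARDCODED_KEY, "../web.config")
        results["forged_vuln"] = vulnerable_serve(forged, root)
        try:
            hardened_serve(forged, root, key)
            results["forged_hard"] = "accepted"
        except PermissionError as err:
            results["forged_hard"] = str(err)

        # Even a token signed with the correct per-install key cannot leave the root.
        try:
            hardened_serve(sign_request(key, "../web.config"), root, key)
            results["traversal_hard"] = "accepted"
        except PermissionError as err:
            results["traversal_hard"] = str(err)
        return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The two fixes are independent and both matter: rotating to a per-installation key removes the forgery, and the containment check on the resolved path closes the file inclusion even for a caller who legitimately holds the key. Patching the key alone still leaves any authenticated user able to walk the filesystem.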


CVE ID: CVE-2025-14611
Vulnerability Title: Gladinet CentreStack and Triofox Hardcoded Cryptographic Key Vulnerability
Affected Products: Gladinet CentreStack, Triofox
Vulnerability Type: Hardcoded Cryptographic Keys (CWE-798)
Attack Vector: Network-based, unauthenticated access

The files an attacker can retrieve include confidential business documents, customer data, and system configuration files, so the vulnerability carries significant implications for enterprise security posture.

Organizations relying on Gladinet CentreStack or Triofox for secure file collaboration face potential data exfiltration risks.

Because no authentication is required, the attack surface is substantially wider: adversaries can target these systems directly from the internet.

CISA classified the issue as CWE-798 (Use of Hard-coded Credentials), underscoring the risk of embedding fixed keys in cryptographic implementations.

This weakness undermines the fundamental security architecture of a file-sharing solution, which depends on encryption to protect sensitive information in transit and at rest. A key that is identical in every installation gives no such protection once a single copy of the software has been examined.

CISA has set a remediation due date of January 5, 2026. Organizations should prioritize the following steps:

Apply all security patches and vendor-provided mitigations immediately. Where the product is consumed as a cloud service, follow the applicable BOD 22-01 guidance, which binds federal civilian agencies and serves as a baseline for others.

Where mitigations cannot be deployed, CISA recommends discontinuing use of the affected products. Security teams should audit their Gladinet CentreStack and Triofox deployments to identify every instance reachable from the internet.

Network administrators should place additional access controls in front of these systems and monitor them for suspicious activity, in particular unauthenticated requests to the affected endpoints and unexpected file reads. Organizations should contact Gladinet for available patches and security updates.

Enhance monitoring on file-sharing infrastructure, and consider additional network segmentation so that a compromised file server cannot be used as a foothold against the rest of the environment.

As threat actors increasingly target enterprise collaboration tools, swift action remains essential for protecting organizational data and maintaining security integrity.
