The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert regarding a critical security vulnerability affecting Gladinet CentreStack and Triofox.
The agency has added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, indicating that hackers are actively exploiting it in attacks.
The vulnerability, identified as CVE-2025-14611, involves a serious issue with how these products handle security keys.
According to the CISA advisory, both Gladinet CentreStack and Triofox contain “hardcoded cryptographic keys” within their software.
Overview of the Vulnerability
In simple terms, hardcoded keys are like leaving a spare house key under the welcome mat, where anyone who knows where to look can find it.
These software products use specific keys to encrypt and protect data using the AES encryption standard. However, because these keys are permanently written into the code itself, they cannot be easily changed or rotated.
If malicious actors obtain these keys, they can bypass the security measures built on them. The advisory states that the vulnerability degrades the security of publicly exposed endpoints, that is, the parts of the system reachable from the internet.
Even more concerning, attackers can exploit this flaw to perform “Local File Inclusion” (LFI).
This means a cybercriminal could trick the system into revealing sensitive files stored on the server without needing a username or password.
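To make the rotation point concrete, here is an added Go sketch of the pattern that avoids the weakness described above (example code written for this article; it is not from the advisory, Gladinet, or the affected products): keys are generated or loaded at runtime instead of being compiled in, and every ciphertext carries the version of the key that sealed it, so a key can be replaced without shipping new code while older data still decrypts. The KeyStore type and its version-byte framing are assumptions of this example, not a description of how CentreStack or Triofox store keys.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// KeyStore holds versioned AES-256-GCM keys loaded at runtime (KMS, secret
// manager, environment) rather than one key compiled into the binary. Every
// ciphertext records the version that sealed it, so keys can be rotated.
type KeyStore struct{ keys []cipher.AEAD } // keys[v-1] is version v; last is active

// Rotate generates a fresh random key and makes it the active version; older
// versions remain available for decryption only.
func (ks *KeyStore) Rotate() byte {
	key := make([]byte, 32)
	rand.Read(key)                 // never returns an error since Go 1.24
	block, _ := aes.NewCipher(key) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block) // AES block size: cannot fail
	ks.keys = append(ks.keys, gcm)
	return byte(len(ks.keys))
}

// Seal emits version || nonce || ciphertext+tag under the active key. The
// version byte is bound as associated data so it cannot be swapped undetected.
func (ks *KeyStore) Seal(plaintext []byte) ([]byte, error) {
	if len(ks.keys) == 0 {
		return nil, errors.New("no active key: call Rotate first")
	}
	ver, gcm := byte(len(ks.keys)), ks.keys[len(ks.keys)-1]
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(append([]byte{ver}, nonce...), nonce, plaintext, []byte{ver}), nil
}

// Open selects the key named by the version byte and verifies the GCM tag, so
// a tampered blob or a version this store never held is rejected.
func (ks *KeyStore) Open(blob []byte) ([]byte, error) {
	if len(blob) == 0 || blob[0] == 0 || int(blob[0]) > len(ks.keys) {
		return nil, errors.New("unknown key version")
	}
	gcm := ks.keys[blob[0]-1]
	if ns := gcm.NonceSize(); len(blob) >= 1+ns {
		return gcm.Open(nil, blob[1:1+ns], blob[1+ns:], blob[:1])
	}
	return nil, errors.New("blob too short")
}
```

With a compiled-in key, by contrast, every installation shares the same secret and the only way to change it is a new release, which is why the advisory treats such keys as a vulnerability rather than a configuration issue.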
Because this vulnerability is being actively exploited in the wild, CISA has set a strict deadline for Federal Civilian Executive Branch (FCEB) agencies to secure their systems.
Agencies are required to apply the necessary patches or mitigations by January 5, 2026.
Although this mandate applies specifically to U.S. federal agencies, CISA strongly urges all organizations, including private companies and state governments, to prioritize fixing this issue.
- Check for Updates: Immediately review vendor instructions for Gladinet CentreStack and Triofox.
- Apply Mitigations: Install any available patches that remove the hardcoded keys or update the cryptographic implementation.
- Disconnect if Unpatchable: If no fix is available, CISA recommends discontinuing the use of the product to prevent data theft or system compromise.
At this time, it is unknown if this specific flaw is being used in ransomware attacks.
However, the ease of exploitation makes it a high-priority risk for any organization using these cloud storage solutions.