External risk intelligence

Gladinet CentreStack and Triofox Cryptographic Weakness Affects File Access

CVE advisory | Known Exploit

CVE-2025-14611

Gladinet CentreStack and Triofox have a security weakness in their encryption, potentially allowing unauthorized local file access and system compromise. This affects public-facing endpoints and requires immediate attention from affected organizations.

5 | Halo Surface Signal

Affected: Gladinet CentreStack before 16.12.10420.56791

External exposure likelihood

Halo Surface Signal score for CVE-2025-14611

Gladinet CentreStack and Triofox are enterprise file sync and sharing solutions explicitly designed to provide public-facing, internet-accessible endpoints for remote file access and collaboration. As these products function as gateways for external connectivity, they are intended to be exposed to the internet by design in normal deployment scenarios.

Horizon Alert

Summary of the vulnerability and why it matters

Gladinet CentreStack and Triofox use hardcoded cryptographic keys, which weakens security for publicly accessible endpoints. This flaw could allow unauthorized access to local files. Chained with other vulnerabilities, exploitation could lead to complete system compromise.

  • Hardcoded cryptographic keys in AES implementation.
  • Allows unauthorized local file inclusion.
  • Potential for full system compromise.

Attack Path

How an attacker could exploit the issue

The vulnerability impacts organizations using Gladinet CentreStack and Triofox. Attackers can exploit hardcoded cryptographic values to potentially gain unauthorized access to local files. This could allow for further system compromise by chaining with other vulnerabilities.

  • Publicly exposed endpoints.
  • Unauthenticated crafted requests.
  • Arbitrary local file inclusion.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability impacts organizations using specific versions of Gladinet CentreStack and Triofox. Attackers with advanced skills could exploit it by sending specially crafted requests to public-facing endpoints. Successful exploitation could lead to arbitrary local file inclusion and potentially full system compromise, posing a significant risk to business operations and data security. CISA has identified this vulnerability as actively exploited, indicating a high level of urgency for affected organizations.

  • Advanced attacker skill level needed.
  • No authentication required to exploit.
  • High business risk, urgent remediation advised.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The organization should identify all instances of Gladinet CentreStack and Triofox software within its environment. Given the hardcoded cryptographic values, this vulnerability degrades security for public-facing endpoints, potentially leading to unauthorized access and file inclusion. Remediation requires applying vendor-provided fixes to prevent further exposure and potential system compromise.

  • Find all CentreStack and Triofox installations.
  • Reduce exposure or isolate affected systems.
  • Apply vendor fix, verify, and monitor.
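
An added example (not part of the original advisory or any vendor tooling) for the "find" and "verify" steps: it triages an asset inventory against the CentreStack build named on this page. The CSV layout, column names, host names and sample versions are assumptions constructed for illustration; the page gives no fixed build for Triofox, so those rows are marked for manual review.

```python
# Added example: triage a constructed inventory against the build named on
# this page (CentreStack before 16.12.10420.56791 is affected).
import csv
import io

FIXED_CENTRESTACK = (16, 12, 10420, 56791)  # from this advisory

# Constructed sample inventory; hosts and versions are illustrative only.
SAMPLE_INVENTORY = """host,product,version,internet_facing
files01.example.test,CentreStack,16.9.10300.56000,yes
files02.example.test,CentreStack,16.12.10420.56791,yes
files03.example.test,CentreStack,16.12.10420,no
share01.example.test,Triofox,16.1.2.3,yes
"""

def parse_build(text):
    """Return the version as a 4-tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Classify each row as 'affected', 'fixed' or 'review', most urgent first."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        build = parse_build(row["version"])
        product = row["product"].strip().lower()
        if build is None:
            status = "review"  # unparseable version: check the host by hand
        elif product == "centrestack":
            # Compare numerically: as strings, "16.9" sorts after "16.12".
            status = "affected" if build < FIXED_CENTRESTACK else "fixed"
        else:
            # The page gives no fixed build for Triofox; do not guess one.
            status = "review"
        results.append((row["host"], status, row["internet_facing"] == "yes"))
    # Internet-facing hosts sort first within each status: exposure drives urgency.
    order = {"affected": 0, "review": 1, "fixed": 2}
    return sorted(results, key=lambda r: (order[r[1]], not r[2], r[0]))

if __name__ == "__main__":
    for host, status, exposed in triage(SAMPLE_INVENTORY):
        print(f"{status:9} exposed={exposed!s:5} {host}")
```

Rerunning the same triage after patching covers the "verify" step: every CentreStack row should then report "fixed".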

Frequently asked questions

What are Gladinet CentreStack and Triofox?

Gladinet CentreStack and Triofox are software solutions that provide enterprise file synchronization and sharing capabilities. They are designed to offer remote file access and collaboration through public-facing, internet-accessible endpoints.

What is the weakness in Gladinet CentreStack and Triofox?

The identified weakness involves the use of hardcoded values for the AES cryptoscheme implementation. This significantly degrades security for public endpoints that rely on this feature and can lead to arbitrary local file inclusion when a specially crafted request is made without authentication.

How can this vulnerability be triggered and what is the scope of impact?

An attacker can trigger this vulnerability by sending a specially crafted request to public-facing endpoints. If successful, it can result in arbitrary local file inclusion, meaning an attacker could potentially access local files on the server without proper authentication.

Why is the Halo Surface Signal indicating this as 'Very likely' exploitable?

The Halo Surface Signal indicates 'Very likely' due to the nature of Gladinet CentreStack and Triofox. These products are intentionally designed to be exposed to the internet, serving as gateways for external connectivity, making them inherently accessible targets for exploitation.

What actions should be taken to address this vulnerability?

Organizations must identify all installations of Gladinet CentreStack and Triofox. It is critical to apply vendor-provided fixes to mitigate the security degradation of public-facing endpoints and prevent unauthorized access and potential system compromise. Monitoring after remediation is also advised.
