Vulnerability-Lookup

WID-SEC-W-2025-2834

Vulnerability from csaf_certbund - Published: 2025-12-11 23:00 - Updated: 2025-12-14 23:00

Summary

Gladinet CentreStack und Triofox: Schwachstelle ermöglicht Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Gladinet CentreStack ist eine Self-Hosting-Cloud-Lösung, die es Unternehmen ermöglicht, ihre eigene Dateisynchronisations- und Freigabeinfrastruktur aufzubauen. Triofox Server ist eine Softwarelösung, die Dateifreigabe und -zugriff über verschiedene Plattformen hinweg ermöglicht und dabei bestehende Dateiserverinfrastrukturen integriert.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Gladinet CentreStack und Gladinet Triofox ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Gladinet CentreStack ist eine Self-Hosting-Cloud-L\u00f6sung, die es Unternehmen erm\u00f6glicht, ihre eigene Dateisynchronisations- und Freigabeinfrastruktur aufzubauen.\r\nTriofox Server ist eine Softwarel\u00f6sung, die Dateifreigabe und -zugriff \u00fcber verschiedene Plattformen hinweg erm\u00f6glicht und dabei bestehende Dateiserverinfrastrukturen integriert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Gladinet CentreStack und Gladinet Triofox ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2834 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2834.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2834 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2834"
      },
      {
        "category": "external",
        "summary": "Huntress Blog vom 2025-12-11",
        "url": "https://www.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability"
      },
      {
        "category": "external",
        "summary": "CentreStack Release Notes vom 2025-12-11",
        "url": "https://www.centrestack.com/p/gce_latest_release.html"
      },
      {
        "category": "external",
        "summary": "Triofox Releaes History vom 2025-12-11",
        "url": "https://access.triofox.com/releases_history/"
      }
    ],
    "source_lang": "en-US",
    "title": "Gladinet CentreStack und Triofox: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2025-12-14T23:00:00.000+00:00",
      "generator": {
        "date": "2025-12-15T07:29:58.529+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2834",
      "initial_release_date": "2025-12-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-12-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-12-14T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenzen eingetragen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c16.12.10420.56791",
                "product": {
                  "name": "Gladinet CentreStack \u003c16.12.10420.56791",
                  "product_id": "T049378"
                }
              },
              {
                "category": "product_version",
                "name": "16.12.10420.56791",
                "product": {
                  "name": "Gladinet CentreStack 16.12.10420.56791",
                  "product_id": "T049378-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gladinet:centrestack:16.12.10420.56791"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "CentreStack"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c16.12.10420.56791",
                "product": {
                  "name": "Gladinet Triofox \u003c16.12.10420.56791",
                  "product_id": "T049379"
                }
              },
              {
                "category": "product_version",
                "name": "16.12.10420.56791",
                "product": {
                  "name": "Gladinet Triofox 16.12.10420.56791",
                  "product_id": "T049379-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gladinet:triofox:16.12.10420.56791"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Triofox"
          }
        ],
        "category": "vendor",
        "name": "Gladinet"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14611",
      "product_status": {
        "known_affected": [
          "T049378",
          "T049379"
        ]
      },
      "release_date": "2025-12-11T23:00:00.000+00:00",
      "title": "CVE-2025-14611"
    }
  ]
}

CVE-2025-14611 (GCVE-0-2025-14611)

Vulnerability from cvelistv5 – Published: 2025-12-12 21:01 – Updated: 2025-12-16 04:55

Title

Gladinet CentreStack and TrioFox Hard Coded AES Keys

Summary

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise.

Severity ?

7.1 (High)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:A

CWE

CWE-798 - Use of Hard-coded Credentials

Assigner

Huntress

References

URL

Tags

https://www.huntress.com/blog/active-exploitation…

Impacted products

	Vendor	Product	Version
	Gladinet	CentreStack and TrioFox	Affected: 0 , < 16.12.10420.56791 (custom)

Credits

Bryan Masters John Hammond

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14611",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-12-15",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14611"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-798",
                "description": "CWE-798 Use of Hard-coded Credentials",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T04:55:55.465Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14611"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-12-15T00:00:00+00:00",
            "value": "CVE-2025-14611 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CentreStack and TrioFox",
          "vendor": "Gladinet",
          "versions": [
            {
              "lessThan": "16.12.10420.56791",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Bryan Masters"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "John Hammond"
        }
      ],
      "datePublic": "2025-12-12T20:31:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise."
            }
          ],
          "value": "Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "ATTACKED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:A",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-12T21:01:13.116Z",
        "orgId": "5dacb0b8-2277-4717-899c-254586fe4912",
        "shortName": "Huntress"
      },
      "references": [
        {
          "url": "https://www.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Gladinet CentreStack and TrioFox Hard Coded AES Keys",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5dacb0b8-2277-4717-899c-254586fe4912",
    "assignerShortName": "Huntress",
    "cveId": "CVE-2025-14611",
    "datePublished": "2025-12-12T21:01:13.116Z",
    "dateReserved": "2025-12-12T20:22:27.367Z",
    "dateUpdated": "2025-12-16T04:55:55.465Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-2834

CVE-2025-14611 (GCVE-0-2025-14611)

Tags

Sightings

Nomenclature