Gladinet CentreStack & Triofox Insecure Cryptography Vulnerability

Blog

Byadmblake December 17, 2025

What is the Vulnerability? CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products prior to version 16.12.10420.56791. The flaw stems from hardcoded AES cryptographic key values in the product’s implementation, degrading encryption security and enabling unauthorized access to sensitive resources when exposed publicly. Active exploitation of this weakness has been observed…

What is the Vulnerability?

CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products prior to version 16.12.10420.56791. The flaw stems from hardcoded AES cryptographic key values in the product’s implementation, degrading encryption security and enabling unauthorized access to sensitive resources when exposed publicly.

Active exploitation of this weakness has been observed in the wild, where threat actors chain it with other vulnerabilities to extract configuration files and potentially achieve unauthorized code execution.

What is the recommended Mitigation?

Update/ Patch:

– Upgrade all affected Gladinet CentreStack and Triofox deployments to 16.12.10420.56791 or later.

Hardening the CentreStack Cluster – Gladinet

Releases History – Triofox
Monitor & Hunt:

– Analyze web server logs for Indicators of Compromise (IoCs) IoCs, including suspicious requests to /storage/filesvr.dn.

– Look for unusual access patterns or unexpected file retrieval attempts.
Endpoint & Network Controls:

– Restrict access to affected services from untrusted networks.

– Use Web Application Firewalls (WAF) to filter malformed or unexpected HTTP requests.
Post-Compromise Response:

– If compromise is confirmed, rotate cryptographic keys (e.g., ASP.NET machine keys) and credentials.

– Investigate lateral movement and persistence mechanisms.

What FortiGuard Coverage is available?

FortiGuard IPS Service is available to detect and block exploit attempts targeting CVE-2025-14611.
FortiGuard Web Filtering Service protects against malicious URLs, domains, IPs, and other attacker-controlled infrastructure associated with this campaign.
FortiAnalyzer, FortiSIEM, and FortiSOAR leverage known IoCs delivered through the Indicators of Compromise (IoC) Service to enhance threat hunting, detection, and automated response, strengthening investigation workflows and correlation against related threat activity. FortiGuard Labs continues to monitor for newly emerging IoCs to ensure proactive protection.
Organizations suspecting a compromise can contact the FortiGuard Incident Response team for rapid investigation and remediation support.

Blog

WhatsApp Malware ‘Maverick’ Hijacks Browser Sessions to Target Brazil’s Biggest Banks

Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via WhatsApp. According to a report from CyberProof, both malware strains are written in .NET, target Brazilian users and banks, and feature identical functionality to decrypt, targeting banking URLs and monitor banking…

Read More WhatsApp Malware ‘Maverick’ Hijacks Browser Sessions to Target Brazil’s Biggest Banks
Blog

PUBLOAD and Pubshell Malware Used in Mustang Panda’s Tibet-Specific Attack

A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians’ Convention on Tibet (WPCT), China’s education policy in the Tibet Autonomous Region (TAR), and a recently published book by…

Read More PUBLOAD and Pubshell Malware Used in Mustang Panda’s Tibet-Specific Attack
Blog

⚡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More

The security landscape now moves at a pace no patch cycle can match. Attackers aren’t waiting for quarterly updates or monthly fixes—they adapt within hours, blending fresh techniques with old, forgotten flaws to create new openings. A vulnerability closed yesterday can become the blueprint for tomorrow’s breach. This week’s recap explores the trends driving that…

Read More ⚡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
Blog

Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices

Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including

Read More Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Blog

SIEMs Missing the Mark on MITRE ATT&CK Techniques

CardinalOps’ report shows that organizations are struggling to keep up with the evolution of the latest threats while a significant number of detection rules remain non-functional.

Read More SIEMs Missing the Mark on MITRE ATT&CK Techniques
Blog

Introducing the Sophos MSP Elevate program

Accelerating MSP business growth and elevating customers’ defenses with differentiated cybersecurity products and services.

Read More Introducing the Sophos MSP Elevate program

Related