CVE-2025-14611
BaseFortify
Publication date: 2025-12-12
Last updated on: 2025-12-16
Assigner: Huntress
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gladinet | centrestack | to 16.12.10420.56791 (exc) |
| gladinet | triofox | to 16.12.10420.56791 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Gladinet CentreStack and Triofox versions prior to 16.12.10420.56791 using hardcoded values in their AES cryptoscheme implementation. This weakens the security of publicly exposed endpoints using this cryptoscheme and may allow arbitrary local file inclusion when a specially crafted unauthenticated request is made. This vulnerability can be combined with previous vulnerabilities to achieve full system compromise.
How can this vulnerability impact me?
The vulnerability can degrade the security of public endpoints, potentially allowing attackers to include arbitrary local files without authentication. This can lead to further exploitation, including full system compromise when combined with other vulnerabilities.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows attackers to decrypt or forge access tickets due to hardcoded AES keys, enabling unauthorized access to sensitive files such as web.config, which contains machine keys. This unauthorized access and potential data exposure can lead to violations of data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information and ensuring data confidentiality and integrity. Organizations affected by this vulnerability may face compliance risks if sensitive personal or health data is exposed or compromised. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by scanning your web server logs for encrypted GET requests to the endpoint /storage/filesvr.dn that include the query parameter "t" containing the string "vghpI7EToZUDIZDdprSubL3mTZ2", which corresponds to the encrypted web.config file path. Monitoring for such requests can indicate exploitation attempts. [1] For example, you can use commands like:
- On Linux systems, to search Apache or IIS logs: `grep "/storage/filesvr.dn" /path/to/logfile | grep "t=vghpI7EToZUDIZDdprSubL3mTZ2"`
- Using PowerShell on Windows servers (IIS writes its logs into per-site subfolders, so search recursively): `Get-ChildItem "C:\inetpub\logs\LogFiles" -Recurse -Filter *.log | Select-String -Pattern "/storage/filesvr\.dn.*t=vghpI7EToZUDIZDdprSubL3mTZ2"`
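The same check as a field-aware log scan, added here as an example (it is not code from BaseFortify, Huntress or Gladinet). It assumes IIS W3C logs with a `#Fields:` header, matches the endpoint case-insensitively, and percent-decodes the `t` parameter before looking for the indicator; the log lines are constructed sample data.

```python
import io
from urllib.parse import unquote

ENDPOINT = "/storage/filesvr.dn"
INDICATOR = "vghpI7EToZUDIZDdprSubL3mTZ2"  # indicator string quoted in the text above

# Constructed sample IIS W3C log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-12-10 08:14:02 10.0.0.5 GET /storage/filesvr.dn t=vghpI7EToZUDIZDdprSubL3mTZ2EXAMPLEONLY 443 - 203.0.113.7 curl/8.0 200
2025-12-10 08:15:40 10.0.0.5 GET /portal/login.aspx - 443 - 198.51.100.23 Mozilla/5.0 200
2025-12-10 08:16:11 10.0.0.5 GET /Storage/FileSvr.dn t=%76ghpI7EToZUDIZDdprSubL3mTZ2EXAMPLEONLY 443 - 203.0.113.7 curl/8.0 200
2025-12-10 08:17:30 10.0.0.5 GET /storage/filesvr.dn t=CONSTRUCTEDOTHERTICKET 443 - 192.0.2.44 Mozilla/5.0 404
"""

def find_hits(stream):
    """Return one dict per request to ENDPOINT whose 't' value contains INDICATOR."""
    fields, hits = [], []
    for line in stream:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        row = dict(zip(fields, values))
        if row.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        for pair in row.get("cs-uri-query", "").split("&"):
            key, _, value = pair.partition("=")
            if unquote(key) == "t" and INDICATOR in unquote(value):
                hits.append({k: row.get(k, "-") for k in ("date", "time", "c-ip", "sc-status")})
                break
    return hits

if __name__ == "__main__":
    for hit in find_hits(io.StringIO(SAMPLE_LOG)):
        print(hit)
```

To scan real logs, pass an open log file to `find_hits` instead of the sample; a hit with `sc-status` 200 is the one to prioritize for key rotation and incident review.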
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating Gladinet CentreStack and Triofox to version 16.12.10420.56791 or later, which contains the patch for this vulnerability. Additionally, you should rotate the machine keys used by ASP.NET to prevent attackers from leveraging stolen keys for ViewState deserialization attacks. Monitoring for suspicious activity related to this vulnerability and blocking malicious requests targeting /storage/filesvr.dn is also recommended. [1]