CVE-2025-14611: Vulnerability in Gladinet CentreStack and TrioFox
Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for publicly exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise.
AI Analysis
Technical Summary
CVE-2025-14611 identifies a cryptographic weakness in Gladinet CentreStack and TrioFox versions prior to 16.12.10420.56791. These products implement AES using hardcoded cryptographic values, which violates basic key-management practice: values embedded in the product are the same for every installation and can be recovered by anyone who inspects the software, so the encryption they provide gives no confidentiality or authenticity guarantee against such a party.

The weakness affects publicly exposed endpoints that rely on this AES implementation, and a specially crafted request can reach them without authentication or user interaction. Exploitation yields arbitrary local file inclusion (LFI), which can lead to disclosure or manipulation of sensitive files on the server. The LFI can be chained with previously disclosed vulnerabilities in the same products to escalate privileges and achieve full system compromise.

The CVSS 4.0 vector records a network attack vector, high attack complexity, no privileges and no user interaction required, low confidentiality impact, and no integrity or availability impact. No exploitation in the wild is known at the time of writing, but the flaw is a building block for chained attacks and the affected products are used for cloud storage and file sharing in enterprise environments. The issue is classified as CWE-798 (use of hardcoded credentials), a category that covers embedded cryptographic keys as well as passwords. The record links no vendor advisory or patch; the description names 16.12.10420.56791 as the first version without the flaw, so until a deployment is on that version or later, mitigation relies on network controls and monitoring.
Potential Impact
The vulnerability undermines the cryptographic protection that CentreStack and TrioFox apply to data they transmit or store, potentially exposing sensitive data handled by these platforms. Arbitrary local file inclusion can give unauthorized access to configuration files, credentials, or other critical system files, which an attacker can use to pivot within the environment. Combined with other vulnerabilities, this could result in full system compromise, including data theft, ransomware deployment, or disruption of cloud storage services. Organizations relying on these products for file sharing and cloud storage therefore face risks to the confidentiality, integrity, and availability of their data. Internet-facing deployments enlarge the attack surface, and because exploitation requires no authentication, remote attackers have a lower bar to clear. The consequences can include significant operational disruption, regulatory compliance violations, and reputational damage.
Mitigation Recommendations
The description lists 16.12.10420.56791 as the first unaffected version, so upgrading to that version or later is the primary remediation. Until a deployment is upgraded, organizations should:
- Immediately restrict network access to CentreStack and TrioFox endpoints, limiting exposure to trusted internal networks only.
- Deploy web application firewalls (WAFs) or intrusion prevention systems (IPS) with custom rules to detect and block requests indicative of local file inclusion attempts.
- Audit existing deployments to identify publicly accessible endpoints and remove or isolate them.
- Monitor logs for unusual file access patterns or error messages related to file inclusion.
- Engage with Gladinet support to confirm the fixed version and patch timelines, and apply updates promptly once available.
- Consider additional encryption layers or VPN tunnels to protect data in transit, since the product's own AES layer cannot be relied on.
- Review and harden server configurations to limit the impact of file inclusion, for example by removing unnecessary file system permissions from the application's service account and isolating application processes.
- Brief security teams on this vulnerability to improve detection and response capabilities.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, India, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: Huntress
- Date Reserved: 2025-12-12T20:22:27.367Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 693c8579f55ccbd2c799d2b7
Added to database: 12/12/2025, 9:13:29 PM
Last enriched: 2/27/2026, 6:30:53 AM
Last updated: 3/26/2026, 6:43:09 AM
Views: 324