ET WEB_SPECIFIC_APPS Gladinet CentreStack/Triofox Hardcoded AES Key Arbitrary File Read (CVE-2025-14611)

SID: 2066362Rev: 16 views
Sourceet/open
CreatedDecember 18, 2025
UpdatedDecember 18, 2025
Classificationweb-application-attack
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Gladinet CentreStack/Triofox Hardcoded AES Key Arbitrary File Read (CVE-2025-14611)"; flow:established,to_server; http.uri; content:"/storage/filesvr.dn?"; content:"t|3d|vghpI7EToZUDIZDdprSubL3mTZ2|3a|aCLI|3a|8Zra5AOPvX4TEEXlZiueqNysfRx7Dsd3P5l6eiYyDiG8Lvm0o41m"; fast_pattern; pcre:"/^(?:\x7cGbA\x7cRIwrK0WT6jLb\x3aulpCaAEZ7n1cnc6XQR3EtoADI|\x3aZDplEYEsO5ksZajiXcsu(?:mkDyUgpV5VLxL\x7c372varAu|kOQzFIwOzIHswJBdS7w0RY))/R"; reference:url,www.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability; reference:cve,2025-14611; classtype:web-application-attack; sid:2066362; rev:1; metadata:affected_product Gladinet_Triofox, attack_target Server, tls_state TLSDecrypt, created_at 2025_12_18, cve CVE_2025_14611, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, updated_at 2025_12_18, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

urlwww.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability
cve2025-14611

Metadata

affected productGladinet_Triofox
attack targetServer
tls stateTLSDecrypt
created at2025_12_18
deploymentSSLDecrypt
confidenceHigh
signature severityMajor
tagExploit
updated at2025_12_18
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!