CVE-2025-14611
好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内,并且不需要特定的开头。首先,我得仔细阅读文章内容,找出关键信息。 文章主要讲的是CVE-2025-14611这个漏洞,它是一个未认证的本地文件包含漏洞,影响Gladinet CentreStack和Triofox。问题出在旧版本中使用了硬编码的AES加密方案值,导致安全风险增加,可能被利用来包含任意本地文件。 接下来,文章提到CISA已经将此漏洞加入已知被利用的漏洞目录,说明这是一个高优先级的问题。修复方法是升级到特定版本,并建议限制公共访问以减少风险。 总结的时候,我需要涵盖漏洞名称、影响的产品、问题原因、风险、修复措施以及CISA的行动。同时要控制在100字以内,语言简洁明了。 可能会遇到的问题是如何在有限字数内准确传达所有关键点。比如,“未认证”和“硬编码”这些术语是否需要保留?还有修复措施中的升级版本号是否有必要详细写出?可能需要简化一些细节,确保整体信息完整。 最后,检查一下字数是否符合要求,并确保没有遗漏重要信息。 </think> Gladinet CentreStack 和 Triofox 存在未认证的本地文件包含漏洞(CVE-2025-14611),源于旧版本中 AES 加密方案使用硬编码值。此漏洞可导致敏感配置文件泄露或任意文件包含。CISA 已将其列为已知被利用漏洞。建议立即升级到 16.12.10420.56791 或更高版本,并限制公共访问以降低风险。 2025-12-19 16:0:51 Author: horizon3.ai(查看原文) 阅读量:0 收藏

CVE-2025-14611 is an unauthenticated local file inclusion (LFI) vulnerability in Gladinet CentreStack and Triofox. The issue stems from hardcoded values used in the AES cryptoscheme in vulnerable versions. In practice, this can degrade security for publicly exposed endpoints and may allow arbitrary local file inclusion when a specially crafted request is provided without authentication.

Technical Details

  • CentreStack and Triofox versions prior to 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme.
  • This degrades security for publicly exposed endpoints that use the cryptoscheme and may enable arbitrary local file inclusion via a specially crafted unauthenticated request.
  • Active exploitation has been reported publicly, and defenders should treat exposed instances as high priority.
  • CISA has added CVE-2025-14611 to the Known Exploited Vulnerabilities (KEV) catalog.

Stop Guessing, Start Proving

Illustration for Gladinet CentreStack and Triofox local file inclusion vulnerability CVE-2025-14611 with CISA KEV and active exploitation callout

NodeZero® Offensive Security Platform — Rapid Response

The Gladinet CentreStack / Triofox Rapid Response test for CVE-2025-14611 enables customers to safely verify whether CentreStack and Triofox instances are exploitable via this path, and to confirm remediation once fixes are applied.

  • Run the Rapid Response test to assess both internet-facing and internal CentreStack or Triofox portal endpoints.
  • Patch immediately by upgrading CentreStack and Triofox to version 16.12.10420.56791 or later, and reduce risk by restricting public access to portal endpoints wherever possible.
  • Re-run the Rapid Response test after applying fixes to confirm exploitability has been removed.

If the Rapid Response test confirms exploitability, treat this as an incident. Preserve logs, isolate affected systems, and validate whether sensitive configuration material was accessed or used for follow-on activity.

Indicators of Compromise (IOCs) — hunting guidance

IndicatorTypeDescription / detection tips
Requests to UploadDownloadProxy filesrv pathsNetwork / WebLook for unusual unauthenticated requests touching UploadDownloadProxy endpoints, especially patterns consistent with crafted “ticket” values.
Attempts to retrieve sensitive configuration files (e.g., web.config)File / BehaviorHunt for access to configuration files that could enable follow-on compromise. Correlate with suspicious portal traffic.
Encrypted path string vghpI7EToZUDIZDdprSubL3mTZ2Web / ArtifactReported as an encrypted representation of the web.config file path. Search proxy, WAF, and web server logs for this value.
Follow-on host and web-server anomaliesHost / BehaviorDefensive guidance: watch for unusual child processes, new scheduled tasks, or unexpected outbound connections originating from the server after suspicious portal activity.

Affected Versions & Patch

  • Affected: Gladinet CentreStack and Triofox versions prior to 16.12.10420.56791.
  • Patch: Upgrade to version 16.12.10420.56791 or later, then validate exploitability has been eliminated.

Recommended actions (summary)

  1. Inventory and scope all CentreStack and Triofox instances, including MSP-managed and internal deployments.
  2. Patch immediately and restrict public exposure of portal endpoints where feasible.
  3. Hunt for IOC signals associated with suspicious portal requests and sensitive file access attempts.
  4. Verify remediation by re-testing after upgrades.

References

🔗 NVD — CVE-2025-14611

🔗 CISA Alert (Dec 15, 2025) — Adds CVE-2025-14611 to KEV

🔗 Huntress — Active exploitation and mitigation guidance

🔗 GitHub Advisory Database — CVE-2025-14611 summary 

🔗 The Hacker News — log-hunt string vghpI7EToZUDIZDdprSubL3mTZ2

Read about other CVEs

NodeZero® Platform

Implement a continuous find, fix, and verify loop with NodeZero

The NodeZero® platform empowers your organization to reduce your security risks by autonomously finding exploitable weaknesses in your network, giving you detailed guidance around how to priortize and fix them, and having you immediately verify that your fixes are effective.

Explore NodeZero

Recognized By


文章来源: https://horizon3.ai/attack-research/vulnerabilities/cve-2025-14611/
如有侵权请联系:admin#unsafe.sh