Lucene search
K

89 matches found

Tenable Nessus
Tenable Nessus
added 2025/12/17 12:0 a.m.8 views

Gladinet Triofox < 16.7.10368.56560 Improper Access Control

Gladinet Triofox version prior to 16.7.10368.56560 are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete. No source data...

9.1CVSS6.9AI score0.90532EPSS
Exploits1References2
CISA
CISA
added 2025/12/15 12:0 p.m.73 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-14611link is external Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability CVE-2025-43529link is external Apple Multiple Products...

9.8CVSS6.7AI score0.50949EPSS
In wildExploits11References7
CISA KEV Catalog
CISA KEV Catalog
added 2025/12/15 12:0 a.m.16 views

Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability

Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially...

9.8CVSS6.8AI score0.50949EPSS
In wildExploits3
RedhatCVE
RedhatCVE
added 2025/12/13 10:0 p.m.13 views

CVE-2025-14611

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted...

9.8CVSS7AI score0.50949EPSS
Exploits3References1
OSV
OSV
added 2025/12/12 9:15 p.m.4 views

CVE-2025-14611

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted...

9.8CVSS5.8AI score0.50949EPSS
Exploits3References2
EUVD
EUVD
added 2025/12/12 9:1 p.m.10 views

EUVD-2025-203165

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted...

7.1CVSS6.5AI score0.50949EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2025/12/12 9:1 p.m.9 views

CVE-2025-14611 Gladinet CentreStack and TrioFox Hard Coded AES Keys

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted...

7.1CVSS6.6AI score0.50949EPSS
Exploits3References1
Cvelist
Cvelist
added 2025/12/12 9:1 p.m.33 views

CVE-2025-14611 Gladinet CentreStack and TrioFox Hard Coded AES Keys

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted...

7.1CVSS0.50949EPSS
Exploits3References1
CVE
CVE
added 2025/12/12 9:1 p.m.39 views

CVE-2025-14611

CVE-2025-14611 affects Gladinet CentreStack and Triofox prior to 16.12.10420.56791. The root cause is hardcoded, static keys/IVs used by the AES cryptosystem (AES-256-CBC) in the web services, enabling attackers to forge or decrypt access tickets and potentially trigger arbitrary local file inclu...

9.8CVSS6.6AI score0.50949EPSS
In wildExploits3References2Affected Software2
VulnCheck KEV
VulnCheck KEV
added 2025/12/12 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-14611

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted...

9.8CVSS5.9AI score0.50949EPSS
In wildExploits3References6
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.12 views

PT-2025-50981

Name of the Vulnerable Software and Affected Versions Gladinet CentreStack and Triofox versions prior to 16.12.10420.56791 Description Gladinet CentreStack and Triofox utilize hardcoded values in their AES cryptoscheme implementation. This weakens security, particularly for publicly exposed...

9.8CVSS6.7AI score0.50949EPSS
Exploits3References28
The Hacker News
The Hacker News
added 2025/12/11 5:56 a.m.9 views

Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution

Huntress is warning of a new actively exploited vulnerability in Gladinet's CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected nine organizations so far. "Threat actors can potentially abuse this as a way to access the web.config file, openi...

9.8CVSS9.9AI score0.93842EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2025/11/24 12:0 a.m.3 views

Gladinet Triofox Installed (Windows)

Binary data gladinettriofoxwininstalled.nbin...

7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/24 12:0 a.m.10 views

Gladinet Triofox Improper Access Control (CVE-2025-12480)

The Gladinet Triofox prior to version 16.7.10368.56560. It is, therefore, are vulnerable to an Improper Access Control flaw. This vulnerability in Gladinet’s Triofox versions before 16.7.10368.56560 that lets unauthenticated attackers bypass authentication via a host-header spoof to...

9.1CVSS6.1AI score0.90532EPSS
Exploits1References3
CISA
CISA
added 2025/11/12 12:0 p.m.8 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-9242link is external WatchGuard Firebox Out-of-Bounds Write Vulnerability CVE-2025-12480link is external Gladinet Triofox Improper Access Control...

9.8CVSS6AI score0.90532EPSS
In wildExploits9References8
CISA KEV Catalog
CISA KEV Catalog
added 2025/11/12 12:0 a.m.8 views

Gladinet Triofox Improper Access Control Vulnerability

Gladinet Triofox contains an improper access control vulnerability that allows access to initial setup pages even after setup is complete...

9.1CVSS6.9AI score0.90532EPSS
In wildExploits1
RedhatCVE
RedhatCVE
added 2025/11/11 2:49 p.m.10 views

CVE-2025-12480

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete...

9.1CVSS6.8AI score0.90532EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2025/11/10 8:49 p.m.10 views

Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature

Google's Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet's Triofox file-sharing and remote access platform. The critical vulnerability, tracked as CVE-2025-12480 CVSS score: 9.1, allows an attacker to bypass authentication and...

9.8CVSS10AI score0.93842EPSS
Exploits9
EUVD
EUVD
added 2025/11/10 3:31 p.m.9 views

EUVD-2025-44062

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete...

9.1CVSS6.3AI score0.90532EPSS
Exploits1References5
NVD
NVD
added 2025/11/10 3:15 p.m.9 views

CVE-2025-12480

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete...

9.1CVSS0.90532EPSS
Exploits1References5
Rows per page
Query Builder