
Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks

Published:

11 December 2025 at 21:49:10

Alert date:

11 December 2025 at 22:03:18

Source:

bleepingcomputer.com


Hackers are actively exploiting a new, undocumented cryptographic vulnerability in Gladinet's CentreStack and Triofox products. The flaw affects the implementation of cryptographic algorithms in these secure remote file access and sharing solutions. Attackers are leveraging this vulnerability to achieve remote code execution (RCE) on affected systems. The vulnerability appears to be a zero-day in the cryptographic implementation rather than a known CVE. Organizations using CentreStack or Triofox for file sharing and remote access are at risk of compromise through this active exploitation campaign.

Technical details

The IAM client in affected Siemens products is missing server certificate validation while establishing TLS connections to the authorization server. This improper certificate validation (CWE-295) could allow an unauthenticated remote attacker to perform man-in-the-middle attacks. The vulnerability is exploitable remotely and has a CVSS v4 score of 9.1 and CVSS v3.1 score of 7.4.
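
The missing check described above, shown as an added example (not Siemens code and not part of the original advisory). Python's `ssl` module stands in for the client's TLS stack, and all function names are hypothetical.

```python
import socket
import ssl


def audit_client_context(ctx: ssl.SSLContext) -> list:
    """Return findings for a TLS client context that skips server validation."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        # Any certificate is accepted, including one presented by an interceptor.
        findings.append("chain-not-validated")
    if not ctx.check_hostname:
        # A valid certificate issued for a different host would be accepted.
        findings.append("hostname-not-checked")
    return findings


def unvalidated_context() -> ssl.SSLContext:
    """The CWE-295 pattern: validation switched off on the client side."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def validated_context() -> ssl.SSLContext:
    """Library defaults: CERT_REQUIRED, hostname matching, system trust store."""
    return ssl.create_default_context()


def connect_checked(host: str, port: int, ctx: ssl.SSLContext, timeout: float = 5.0):
    """Open a TLS connection only if the context validates the server."""
    findings = audit_client_context(ctx)
    if findings:
        raise ValueError("refusing TLS context: " + ", ".join(findings))
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        # server_hostname drives both SNI and the hostname match.
        return ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise


if __name__ == "__main__":
    print(audit_client_context(unvalidated_context()))
    print(audit_client_context(validated_context()))
```
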

Mitigation steps:

Update affected products to the latest versions:

Solid Edge SE2025: V225.0 Update 10 or later
Solid Edge SE2026: V226.0 Update 1 or later
NX V2412: V2412.8700 or later
Simcenter Femap: V2506.0002 or later
NX V2506: V2506.6000 or later
Simcenter 3D: V2506.6000 or later

No fix is currently available for COMOS V10.6.

Minimize network exposure for control systems, ensure systems are not accessible from the internet, locate control system networks behind firewalls, use secure remote access methods such as VPNs, implement defense-in-depth strategies, and follow Siemens operational guidelines for industrial security.

Affected products:

COMOS V10.6: All versions
NX V2412: All versions prior to 2412.8700
NX V2506: All versions prior to 2506.6000
Simcenter 3D: All versions prior to 2506.6000
Simcenter Femap: All versions prior to 2506.0002
Solid Edge SE2025: All versions prior to V225.0 Update 10
Solid Edge SE2026: All versions prior to V226.0 Update 1

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
