Executive Summary
In December 2025, cybersecurity researchers identified a critical vulnerability in Gladinet’s CentreStack and Triofox products that enables remote code execution (RCE) through the exploitation of hard-coded cryptographic keys. This design flaw allows attackers to forge access tokens and decrypt sensitive files, posing significant risks to at least nine organizations across various sectors, including healthcare and technology. Exploitation occurred through crafted HTTP requests targeting the file server component, revealing a severe security oversight in Gladinet’s software. The incident highlights the urgent need for robust cybersecurity measures and regular audits to protect sensitive data from similar vulnerabilities.
Key Details
Breach Timeline
- December 2025: Researchers from Huntress disclose the vulnerability affecting Gladinet’s products.
- Immediate investigation reveals exploitation in the wild, targeting multiple organizations.
- Organizations begin implementing security measures to mitigate risks.
Data Compromised
- Attackers gained access to sensitive files, including personal data and proprietary information.
- Access tokens were forged, granting unauthorized entry into affected systems.
- Static, hard-coded cryptographic keys played a crucial role in the breach’s success.
Impact Assessment
- At least nine organizations reported being compromised, leading to potential data breaches.
- Healthcare and technology sectors faced significant disruption due to the compromised systems.
- Long-term reputational damage is expected as clients and partners reassess security postures.
Company Response
- Gladinet released advisories urging users to upgrade to patched versions of their software.
- The company has begun an internal review to address security holes and enhance software design.
- Security teams have been mobilized to assist affected organizations in recovery efforts.
Security Implications
- This breach underscores the risks associated with hard-coded credentials in software design.
- Regular security assessments and code reviews are essential to prevent similar vulnerabilities.
- Organizations are encouraged to implement strict access controls and token management practices.