CVE-2025-30406

Description

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.

References

https://securityaffairs.com/176552/hacking/gladinet-flaw-cve-2025-30406-actively-exploited-in-the-wild.html

https://www.securityweek.com/huntress-documents-in-the-wild-exploitation-of-critical-gladinet-vulnerabilities/

https://www.huntress.com/blog/cve-2025-30406-critical-gladinet-centrestack-triofox-vulnerability-exploited-in-the-wild

https://thehackernews.com/2025/04/gladinets-triofox-and-centrestack-under.html

https://www.darkreading.com/vulnerabilities-threats/zero-day-centrestack-platform-under-attack

https://www.securityweek.com/cisa-urges-urgent-patching-for-exploited-centrestack-windows-zero-days/

https://www.bleepingcomputer.com/news/security/centrestack-rce-exploited-as-zero-day-to-breach-file-sharing-servers/

https://thehackernews.com/2025/04/cisa-warns-of-centrestacks-hard-coded.html

https://www.cisa.gov/news-events/alerts/2025/04/08/cisa-adds-two-known-exploited-vulnerabilities-catalog

https://www.centrestack.com/p/gce_latest_release.html

https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3