Vulnerability Details CVE-2025-30406
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.854
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 9.0
Proposed Action
Gladinet CentreStack and Triofox contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution.
Ransomware Campaign
Unknown
References
Products affected by CVE-2025-30406
-
cpe:2.3:a:gladinet:centrestack:-
-
cpe:2.3:a:gladinet:centrestack:13.5.9808
-
cpe:2.3:a:gladinet:centrestack:15.1.10113.55677
-
cpe:2.3:a:gladinet:centrestack:15.11.10288.56231
-
cpe:2.3:a:gladinet:centrestack:15.2.10121.55735
-
cpe:2.3:a:gladinet:centrestack:15.3.10131.55787
-
cpe:2.3:a:gladinet:centrestack:15.4.10136.55827
-
cpe:2.3:a:gladinet:centrestack:15.6.10197.55928
-
cpe:2.3:a:gladinet:centrestack:15.6.10206.55977
-
cpe:2.3:a:gladinet:centrestack:15.7.10211.56005
-
cpe:2.3:a:gladinet:centrestack:15.8.10226.56077
-
cpe:2.3:a:gladinet:centrestack:15.9.10269.56136
-
cpe:2.3:a:gladinet:centrestack:16.1.10296.56315