Vulnerability Details CVE-2025-30406
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability caused by the CentreStack portal's use of a hardcoded machineKey, as exploited in the wild in March 2025. A threat actor who knows the machineKey can serialize a payload for server-side deserialization and achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.656
EPSS Ranking 98.4%
CVSS Severity
CVSS v3 Score 9.0
Proposed Action
Gladinet CentreStack and Triofox contain a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution.
Ransomware Campaign
Unknown
Products affected by CVE-2025-30406
- cpe:2.3:a:gladinet:centrestack:-
- cpe:2.3:a:gladinet:centrestack:13.5.9808