Description

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's use of a hardcoded machineKey, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side deserialization and achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.

Status: PUBLISHED | Reserved 2025-03-21 | Published 2025-04-03 | Updated 2025-10-21 | Assigner: mitre

CRITICAL: 9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CISA Known Exploited Vulnerability

Date added 2025-04-08 | Due date 2025-04-29

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

CWE-321 Use of Hard-coded Cryptographic Key

Product status

Default status: unaffected

Any version before 16.4.10315.56368: affected

References

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2025-30406 government-resource

www.centrestack.com/p/gce_latest_release.html

gladinetsupport.s3.us-east-1.amazonaws.com/...y-cve-2005.pdf

cve.org (CVE-2025-30406)

nvd.nist.gov (CVE-2025-30406)