CVE-2025-30406 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability

Exploit added

April 8, 2025

Action due

April 29, 2025

Action required

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal’s hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portalweb.config.

References

Weakness Enumeration

CWE-ID	CWE Name
CWE-321	Use of Hard-coded Cryptographic Key
CWE-798	Use of Hard-coded Credentials

Known Affected Software Configurations

cpe:2.3:a:gladinet:centrestack:-:::::::*
cpe:2.3:a:gladinet:centrestack:13.5.9808:::::::*

Details

Source:
NVD

Published:
April 3, 2025

Updated:
April 10, 2025

Risk information

CVSS v3

Base score:
9

Severity:

CRITICAL

Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2

Not defined