- Description
- Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
- Source
- cve@mitre.org
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 9
- Impact score
- 6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- cve@mitre.org
- CWE-321
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
🚨 CVE-2025-30406 ⚠️🔴 CRITICAL (9) 🏢 Gladinet - CentreStack 🏗️ 0 🔗 https://t.co/YAf8b7vrCI 🔗 https://t.co/rzdrNR6ePV #CyberCron #VulnAlert #InfoSec https://t.co/EXQCg5LfvA
@cybercronai
4 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-30406 Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use… https://t.co/Uw9EBelimM
@CVEnew
4 Apr 2025
314 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Triofox Security Advisory: CVE-2025-30406 - Please read this PDF for important remediation steps to protect your deployment. https://t.co/xhZxHkQSrM
@gladinet
4 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes