CVE-2025-30406

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.

CVSS v3 9.0 CRITICAL

9.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.2 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf	Mitigation Patch Vendor Advisory
https://www.centrestack.com/p/gce_latest_release.html	Release Notes
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30406	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*

History

05 Nov 2025, 19:27

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30406 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30406 - US Government Resource

Information

Published : 2025-04-03 20:15

Updated : 2025-11-05 19:27

NVD link : CVE-2025-30406

Mitre link : CVE-2025-30406

CVE.ORG link : CVE-2025-30406

JSON object : View

Products Affected

gladinet

centrestack

CWE

CWE-321

Use of Hard-coded Cryptographic Key

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2025-30406", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-04-03T20:15:24.987", "references": [{"url": "https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.centrestack.com/p/gce_latest_release.html", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30406", "tags": ["US Government Resource"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-321"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\\web.config."}, {"lang": "es", "value": "Gladinet CentreStack hasta la versi\u00f3n 16.1.10296.56315 (solucionada en la versi\u00f3n 16.4.10315.56368) presenta una vulnerabilidad de deserializaci\u00f3n debido al uso de la clave de m\u00e1quina (machineKey) codificada de forma r\u00edgida en el portal de CentreStack, explotada in situ en marzo de 2025. Esto permite a los actores de amenazas (que conocen la clave de m\u00e1quina) serializar un payload para la deserializaci\u00f3n del servidor y lograr la ejecuci\u00f3n remota de c\u00f3digo. NOTA: Un administrador de CentreStack puede eliminar manualmente la clave de m\u00e1quina definida en portal\\web.config."}], "lastModified": "2025-11-05T19:27:44.190", "cisaActionDue": "2025-04-29", "cisaExploitAdd": "2025-04-08", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D44CE026-3259-4767-8AE9-0580BD0A3668", "versionEndExcluding": "16.4.10315.56368"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability"}