CVE-2025-30406 - Gladinet CentreStack
AI Vulnerability ContextGladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey define...
Overview
A source-backed snapshot of this vulnerability.
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
- CVE ID
- CVE-2025-30406
- Vendor/project
- Gladinet
- Product
- CentreStack
- Vulnerability name
- Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability
- Date added
- 2025-04-08
- Due date
- 2025-04-29
- Known ransomware campaign use
- Unknown
- CVSS v3
- 9.0
Exploit context
What the vulnerability is about.
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
