Deserialization Vulnerability in Gladinet CentreStack Portal
CVE-2025-30406
Key Information:
- Vendor: Gladinet
- Product: Centrestack
- CVE Published: 3 April 2025
What is CVE-2025-30406?
CVE-2025-30406 is a critical security vulnerability in Gladinet CentreStack Portal, a platform designed for secure file sharing and collaboration. This vulnerability arises from the application’s use of a hardcoded machineKey, which allows attackers with knowledge of this key to exploit server-side deserialization. If successfully exploited, this flaw could enable remote code execution, placing organizations at significant risk by compromising system integrity and potentially exposing sensitive data.
Technical Details
The vulnerability is rooted in a deserialization flaw that exists in versions of Gladinet CentreStack prior to 16.4.10315.56368. Specifically, the hardcoded machineKey in the portal's web configuration file makes it susceptible to attacks. Threat actors can create malicious payloads to execute arbitrary code on the server, given that they can access the machineKey. This poses a substantial security risk, making it essential for organizations to address this vulnerability through timely updates and patches.
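The precondition described above is literal key material in the ASP.NET web.config. As an added example (not code from this page or from Gladinet), the following Python check parses a web.config, reports whether its machineKey is hardcoded or runtime-generated, and shows a vulnerable-style fragment beside its hardened counterpart; the constructed sample keys are placeholders, and the standard `<system.web><machineKey>` layout is assumed.

```python
"""Flag a static (hardcoded) ASP.NET machineKey in a web.config.
Added example, not code from the advisory page or from Gladinet; the
web.config layout assumed is the standard <system.web><machineKey> one."""
import xml.etree.ElementTree as ET

def audit_machine_key(web_config_xml: str) -> dict:
    """Classify the machineKey: 'missing' (no element, runtime default of
    AutoGenerate applies), 'autogenerate' (no literal key material) or
    'static' (key material hardcoded in the file, the CVE's precondition)."""
    root = ET.fromstring(web_config_xml)
    mk = root.find("./system.web/machineKey")
    if mk is None:
        return {"status": "missing", "static_attrs": []}
    static_attrs = []
    for attr in ("validationKey", "decryptionKey"):
        # ASP.NET's default for an absent attribute is "AutoGenerate,IsolateApps".
        value = mk.get(attr, "AutoGenerate,IsolateApps")
        if not value.startswith("AutoGenerate"):
            static_attrs.append(attr)
    status = "static" if static_attrs else "autogenerate"
    return {"status": status, "static_attrs": static_attrs}

# Constructed sample: vulnerable-style config with literal (placeholder) keys.
STATIC_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY_NOT_A_REAL_KEY"
                decryptionKey="PLACEHOLDER_DECRYPTION_KEY_NOT_A_REAL_KEY"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""

# Constructed sample: the same config with runtime-generated, per-machine keys.
HARDENED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""

if __name__ == "__main__":
    for name, cfg in (("static", STATIC_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_machine_key(cfg))
```

A literal machineKey is legitimate in a web farm where every node must validate the same ViewState, but it then has to be unique to that deployment and rotated if exposed; the risk this advisory describes is a key shipped identically to every installation.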
Potential impact of CVE-2025-30406
- Remote Code Execution: Successful exploitation of this vulnerability allows attackers to execute arbitrary code on the affected server, which can result in unauthorized access to sensitive systems and data.
- Data Breaches: The compromised systems could lead to significant data leaks, including confidential business information, customer data, and intellectual property, which could have severe financial and reputational repercussions for organizations.
- System Compromise: Unauthorized access via this vulnerability may open the door to further attacks, including the deployment of various forms of malware and ransomware, potentially disrupting business operations and necessitating extensive recovery efforts.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known to CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
CentreStack, all versions below 16.4.10315.56368
News Articles
- Gladinet flaw CVE-2025-30406 actively exploited in the wild: Huntress reports active exploitation of Gladinet CVE-2025-30406 in the wild, affecting seven organizations and 120 endpoints. (4 days ago)
- Attackers exploit zero-day flaw in Gladinet CentreStack file-sharing platform: Critical vulnerability affects both CentreStack and Gladinet's on-premises file-sharing server, Triofox. (4 days ago)
- Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities: The flaw, tagged as CVE-2025-30406, was added to CISA's Known Exploited Vulnerabilities (KEV) catalog in early April. (5 days ago)
EPSS Score
58% chance of being exploited in the next 30 days.
Timeline
- 🥇 Vulnerability reached the number 1 worldwide trending spot
- 📈 Vulnerability started trending
- 💰 Used in Ransomware
- 📰 First article discovered by CISA (.gov)
- 👾 Exploit known to exist
- 🦅 CISA Reported
- Vulnerability published
- Vulnerability Reserved