Gladinet Centrestack
Known Exploited Gladinet Centrestack Vulnerabilities
The following Gladinet Centrestack vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability | Gladinet CentreStack contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution. CVE-2025-30406. Exploit Probability: 82.8% | April 8, 2025 |
The vulnerability CVE-2025-30406: Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.
By the Year
In 2025 there have been 2 vulnerabilities in Gladinet Centrestack, with an average score of 8.3 out of ten. Last year, in 2024, Centrestack had 2 security vulnerabilities published. At the current rate, it appears that the number of vulnerabilities last year and this year may equal out.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 2 | 8.25 |
| 2024 | 2 | 0.00 |
| 2023 | 2 | 8.50 |
It may take a day or so for new Centrestack vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Gladinet Centrestack Security Vulnerabilities
Gladinet CentreStack/TrioFox LFI (<=16.7.10368.56560)
CVE-2025-11371
7.5 - High
- October 09, 2025
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: all versions prior to and including 16.7.10368.56560.
Files or Directories Accessible to External Parties
Gladinet CentreStack deserialization RCE via hardcoded machineKey v16.1
CVE-2025-30406
9 - Critical
- April 03, 2025
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
Use of Hard-coded Cryptographic Key
Reflected XSS in Gladinet CentreStack v13.12.9934.54690 via sessionId param
CVE-2024-37783
- November 22, 2024
A reflected cross-site scripting (XSS) vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx.
LDAP Injection in Gladinet CentreStack v13.12.9934.54690 Login
CVE-2024-37782
- November 22, 2024
An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field.
An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808
CVE-2023-26830
7.2 - High
- March 31, 2023
An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server.
Unrestricted File Upload
An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808
CVE-2023-26829
9.8 - Critical
- March 31, 2023
An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass.
AuthZ