Gladinet Centrestack
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Gladinet Centrestack.
Known Exploited Gladinet Centrestack Vulnerabilities
The following Gladinet Centrestack vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability |
Gladinet CentreStack contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution. CVE-2025-30406 Exploit Probability: 75.5% |
April 8, 2025 |
The vulnerability CVE-2025-30406: Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2025 there have been 1 vulnerability in Gladinet Centrestack with an average score of 9.8 out of ten. Centrestack did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2025 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 1 | 9.80 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 8.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Centrestack vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Gladinet Centrestack Security Vulnerabilities
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use
CVE-2025-30406
9.8 - Critical
- April 03, 2025
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
Use of Hard-coded Credentials
An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808
CVE-2023-26830
7.2 - High
- March 31, 2023
An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server.
Unrestricted File Upload
An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808
CVE-2023-26829
9.8 - Critical
- March 31, 2023
An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Gladinet Centrestack or by Gladinet? Click the Watch button to subscribe.
