Gladinet CentreStack deserialization RCE via hardcoded machineKey v16.1
CVE-2025-30406 Published on April 3, 2025
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
Known Exploited Vulnerability
This Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Gladinet CentreStack contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution.
The following remediation steps are recommended / required by April 29, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Weakness Type
Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
Products Associated with CVE-2025-30406
Affected Versions
Gladinet CentreStack: versions before 16.4.10315.56368 are affected.
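As an added example (not code from stack.watch, Gladinet or CISA), the following Python turns the two checkable facts on this page into a script: whether a CentreStack build number is below the first fixed release, and whether a web.config still carries a literal machineKey, the element the advisory says an admin can delete from portal\web.config. The sample config strings and placeholder key values are constructed for the demonstration and are not the product's real values.

```python
import xml.etree.ElementTree as ET

FIXED_VERSION = (16, 4, 10315, 56368)  # first fixed build named in the advisory


def is_affected_version(version: str) -> bool:
    """True when a CentreStack build string sorts below the first fixed build."""
    parts = tuple(int(p) for p in version.split("."))
    return parts < FIXED_VERSION


def find_machine_keys(web_config_xml: str) -> list:
    """Return the attribute dicts of every <machineKey> element in a web.config.
    machineKey normally sits under <system.web>, but <location> blocks can carry
    their own, so every occurrence is collected."""
    root = ET.fromstring(web_config_xml)
    return [dict(node.attrib) for node in root.iter("machineKey")]


def is_hardcoded_machine_key(web_config_xml: str) -> bool:
    """True when validationKey or decryptionKey is pinned to a literal value.
    'AutoGenerate' / 'AutoGenerate,IsolateApps' make ASP.NET derive per-machine
    keys and are therefore not treated as hardcoded."""
    for attrs in find_machine_keys(web_config_xml):
        for name in ("validationKey", "decryptionKey"):
            value = (attrs.get(name) or "").strip()
            if value and not value.upper().startswith("AUTOGENERATE"):
                return True
    return False


# Constructed sample configs; the key strings are placeholders, not real keys.
HARDCODED_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY"
                decryptionKey="PLACEHOLDER_DECRYPTION_KEY"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>"""

REMEDIATED_CONFIG = """<configuration>
  <system.web>
    <compilation debug="false" />
  </system.web>
</configuration>"""

if __name__ == "__main__":
    print("build below fixed version:", is_affected_version("16.1.10296.56315"))
    print("literal machineKey present:", is_hardcoded_machine_key(HARDCODED_CONFIG))
    print("after removing the element:", is_hardcoded_machine_key(REMEDIATED_CONFIG))
```

Point the script at a copy of the live portal\web.config to confirm the element is gone after applying the vendor mitigation.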
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.