gladinet centrestack CVE-2025-30406 is a vulnerability in Gladinet Centrestack
Published on April 3, 2025

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.

Vendor Advisory NVD

Known Exploited Vulnerability

This Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Gladinet CentreStack contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution.

The following remediation steps are recommended / required by April 29, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2025-30406 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.


Products Associated with CVE-2025-30406

You can be notified by stack.watch whenever vulnerabilities like CVE-2025-30406 are published in these products:

Gladinet Centrestack
 

What versions of Centrestack are vulnerable to CVE-2025-30406?