CVE-2025-30406
In short
Gladinet CentreStack ships with a fixed, publicly known ASP.NET machineKey, the key the portal uses to protect the serialized data it accepts from clients. An attacker who knows that key can craft a serialized payload that the server trusts and deserializes; doing so executes attacker-supplied code without any login, giving complete control of the system.
Technical detail
CentreStack versions up to 16.1.10296.56315 employ a hardcoded machineKey for deserialization in the portal, enabling unauthenticated remote code execution. An attacker with knowledge of the machineKey can serialize a malicious payload that achieves RCE upon server-side deserialization, with no authentication required. The fix is to upgrade to 16.4.10315.56368; as an interim measure, an administrator can delete the machineKey element from portal\web.config, after which ASP.NET falls back to its default auto-generated, per-machine key.
Summary generated and translated by AI from the official description.
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
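The two checks a defender wants here are whether the installed build falls inside the affected range and whether the portal's web.config still carries a static machineKey, plus the interim mitigation the advisory describes (removing that element). The following is an added example written for this page, not code from the advisory, from Gladinet, or from the PoC repositories linked below. The web.config it parses is a constructed sample with placeholder hex key material, not the real CentreStack key; treating builds between 16.1.10296.56315 and 16.4.10315.56368 as "unknown" is a conservative reading of the advisory, which only names those two boundaries. The "AutoGenerate" default it compares against is ASP.NET's documented behaviour when validationKey or decryptionKey is not set.

```python
"""Added example (not from the advisory or from Gladinet): offline checks for
CVE-2025-30406 exposure. Compares an installed CentreStack build number against
the version boundaries quoted in the advisory, inspects a copy of
portal\\web.config for a static ASP.NET <machineKey>, and applies the advisory's
manual mitigation (removing that element). The web.config below is a
constructed sample with placeholder key material, not the real CentreStack key."""
import hashlib
import xml.etree.ElementTree as ET
from typing import Optional

# Version boundaries quoted in the advisory.
LAST_KNOWN_VULNERABLE = "16.1.10296.56315"
FIXED_VERSION = "16.4.10315.56368"

# Constructed sample web.config. Placeholder hex key material only.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF"
                decryptionKey="00112233445566778899AABBCCDDEEFF"
                validation="SHA1" decryption="AES" />
    <compilation debug="false" targetFramework="4.8" />
  </system.web>
</configuration>
"""


def parse_version(version: str) -> tuple:
    """'16.1.10296.56315' -> (16, 1, 10296, 56315) so builds compare numerically."""
    return tuple(int(part) for part in version.split("."))


def version_status(installed: str) -> str:
    """'vulnerable' up to the last affected build, 'fixed' from the patched build,
    'unknown' for builds between the two that the advisory does not classify."""
    v = parse_version(installed)
    if v <= parse_version(LAST_KNOWN_VULNERABLE):
        return "vulnerable"
    if v >= parse_version(FIXED_VERSION):
        return "fixed"
    return "unknown"


def _machine_key_elements(root: ET.Element):
    """Yield (parent, machineKey) pairs; the parent is needed to remove the element."""
    for parent in root.iter():
        for child in list(parent):
            if child.tag == "machineKey":
                yield parent, child


def find_static_machine_key(config_xml: str) -> Optional[dict]:
    """Return details of a <machineKey> whose validationKey or decryptionKey is a
    fixed value rather than ASP.NET's default 'AutoGenerate,...'; None if the
    element is absent or auto-generated. The fingerprint lets you compare installs
    without copying the key: identical fingerprints on unrelated servers mean a
    shared (vendor-supplied) key."""
    root = ET.fromstring(config_xml)
    for _parent, mk in _machine_key_elements(root):
        validation_key = mk.get("validationKey", "AutoGenerate,IsolateApps")
        decryption_key = mk.get("decryptionKey", "AutoGenerate,IsolateApps")
        static_validation = not validation_key.startswith("AutoGenerate")
        static_decryption = not decryption_key.startswith("AutoGenerate")
        if static_validation or static_decryption:
            return {
                "validationKey_static": static_validation,
                "decryptionKey_static": static_decryption,
                "validation": mk.get("validation"),
                "decryption": mk.get("decryption"),
                "validationKey_fingerprint": hashlib.sha256(
                    validation_key.encode()).hexdigest()[:16],
            }
    return None


def remove_machine_key(config_xml: str) -> str:
    """The advisory's interim mitigation: drop <machineKey> so ASP.NET falls back
    to an auto-generated, per-machine key. Returns the modified XML text."""
    root = ET.fromstring(config_xml)
    for parent, mk in list(_machine_key_elements(root)):
        parent.remove(mk)
    return ET.tostring(root, encoding="unicode")


def assess(installed_version: str, config_xml: str) -> dict:
    """Combine both checks into one verdict for a single portal host."""
    return {
        "version": version_status(installed_version),
        "static_machine_key": find_static_machine_key(config_xml) is not None,
    }


if __name__ == "__main__":
    print(assess("16.1.10296.56315", SAMPLE_WEB_CONFIG))
    print(assess("16.4.10315.56368", remove_machine_key(SAMPLE_WEB_CONFIG)))
```

Run it against a copy of the real portal\web.config and the build number from the CentreStack installation; a "vulnerable" or "unknown" version combined with a static machineKey is the condition to remediate. Removing the element with `remove_machine_key` invalidates any state protected with the old key, so expect active portal sessions to be reset after the change.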
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Gladinet · CentreStack
Public PoCs found: 2
github.com/mchklt/CVE-2025-30406 (★ 90)
github.com/W01fh4cker/CVE-2025-30406 (★ 12)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.