The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical security vulnerability affecting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog on Tuesday, citing evidence of active exploitation. The flaw, tracked as CVE-2025-30406 (CVSS score: 9.0), stems from a hard-coded cryptographic key and can be exploited for remote code execution. A fix was included in version 16.4.10315.56368, released on April 3, 2025.
According to CISA, the vulnerability arises from how Gladinet CentreStack handles the cryptographic keys used to verify ViewState integrity. The application ships with a hard-coded "machineKey" in its IIS web.config file. ViewState integrity is a keyed MAC computed with that key, so the check is only as strong as the key's secrecy: an attacker who knows the key can produce a ViewState payload with a valid signature, the server accepts it and deserializes it, and a crafted payload can lead to remote code execution. No details have been released on how the flaw is being exploited, but the CVE.org description notes that CVE-2025-30406 was exploited as a zero-day in March 2025.
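As an added illustration, not code from the article, from CISA or from Gladinet, the following Python models why a published MAC key defeats ViewState integrity and why rotating it closes that door. It is a simplified stand-in for ASP.NET's real ViewState encoding (payload followed by an HMAC-SHA256 tag, base64-encoded); the hard-coded key bytes, the "gadget" payload and the deserialization stub are constructed for the example and are not CentreStack's actual values. The `<machineKey>` element it generates uses the standard ASP.NET attribute names.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag

# Constructed stand-in for a key baked into a shipped web.config.
# NOT the real CentreStack key; any fixed value has the same problem.
HARDCODED_KEY = bytes.fromhex("00112233445566778899AABBCCDDEEFF" * 4)


def sign_viewstate(key: bytes, payload: bytes) -> str:
    """Model of server-side ViewState generation: base64(payload || HMAC(key, payload))."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.b64encode(payload + tag).decode("ascii")


def verify_viewstate(key: bytes, token: str) -> Optional[bytes]:
    """Model of the integrity check that gates deserialization.

    Returns the payload only when its tag validates under `key`; malformed
    input, a short blob or a bad tag all return None.
    """
    try:
        blob = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(blob) < TAG_LEN:
        return None
    payload, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return payload


def server_handle_postback(server_key: bytes, token: str) -> str:
    """The vulnerable pattern: check the MAC, then deserialize whatever passed."""
    payload = verify_viewstate(server_key, token)
    if payload is None:
        return "rejected: ViewState MAC failed"
    # Stand-in for the real deserializer; with a gadget-chain payload this is
    # the point where attacker code would run.
    return f"deserialized {len(payload)} bytes"


def attacker_forge(leaked_key: bytes, gadget: bytes) -> str:
    """Attacker side: with the key in hand, forging a valid ViewState is just signing."""
    return sign_viewstate(leaked_key, gadget)


def generate_machine_key_element() -> str:
    """Fresh <machineKey> element for web.config (standard ASP.NET attributes).

    64 random bytes for HMACSHA256 validation, 32 for AES-256 decryption.
    In a load-balanced deployment every node must carry the same element,
    otherwise postbacks that land on another server fail validation.
    """
    validation_key = secrets.token_hex(64).upper()
    decryption_key = secrets.token_hex(32).upper()
    return (
        f'<machineKey validationKey="{validation_key}" '
        f'decryptionKey="{decryption_key}" '
        'validation="HMACSHA256" decryption="AES" />'
    )


def demo() -> dict:
    """Forge with the hard-coded key, then replay against a rotated key."""
    gadget = b"<constructed stand-in for a serialized gadget chain>"
    forged = attacker_forge(HARDCODED_KEY, gadget)
    before = server_handle_postback(HARDCODED_KEY, forged)
    rotated_key = secrets.token_bytes(64)
    after = server_handle_postback(rotated_key, forged)
    return {
        "forged_accepted_before_rotation": before.startswith("deserialized"),
        "forged_accepted_after_rotation": after.startswith("deserialized"),
    }


if __name__ == "__main__":
    print(demo())
    print(generate_machine_key_element())
```

The point the model makes is that nothing in the verification path is wrong; the HMAC is computed and compared correctly. The failure is entirely that the key is known to the attacker, which is why a unique, randomly generated key per deployment is the fix and a shared default is not a key at all.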
Gladinet has acknowledged the issue and confirmed that exploitation has been observed in the wild. The company urges customers to apply the available patch promptly. If immediate patching is not feasible, Gladinet recommends rotating the "machineKey" value as a temporary workaround. For the rotation to help, the new key must be randomly generated and unique to the deployment, and it must be changed on every node of a multi-server installation; it reduces exposure until the patch is applied but does not replace it.