CVE-2025-30406

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
Configurations

Configuration 1

cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*

History

10 Apr 2025, 16:19

Type / Values Removed / Values Added
  • References
    Removed: https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf
    Added: https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf - Patch, Vendor Advisory, Mitigation
  • References
    Removed: https://www.centrestack.com/p/gce_latest_release.html
    Added: https://www.centrestack.com/p/gce_latest_release.html - Release Notes
  • CWE
    Added: CWE-798
  • CPE
    Added: cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*
  • First Time
    Added: Gladinet
    Added: Gladinet centrestack

07 Apr 2025, 14:18

Type / Values Removed / Values Added
  • Summary
    Added: (es) Gladinet CentreStack up to version 16.1.10296.56315 (fixed in version 16.4.10315.56368) has a deserialization vulnerability due to the use of a hardcoded machine key (machineKey) in the CentreStack portal, exploited in the wild in March 2025. This allows threat actors (who know the machine key) to serialize a payload for server-side deserialization and achieve remote code execution. NOTE: A CentreStack administrator can manually delete the machine key defined in portal\web.config.

04 Apr 2025, 02:15

Type / Values Removed / Values Added
  • Summary
    Removed: (en) Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, which enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: the CentreStack admin can manually delete the machineKey defined in portal\web.config.
    Added: (en) Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
  • CVSS
    Removed: v2 : unknown; v3 : unknown
    Added: v2 : unknown; v3 : 9.0
  • CWE
    Added: CWE-321

03 Apr 2025, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-03 20:15

Updated : 2025-04-22 01:00


NVD link : CVE-2025-30406

Mitre link : CVE-2025-30406

CVE.ORG link : CVE-2025-30406



Products Affected

gladinet

  • centrestack
CWE
CWE-321

Use of Hard-coded Cryptographic Key

CWE-798

Use of Hard-coded Credentials