What is the CVSS score of CVE-2025-30406?

CVE-2025-30406 has a CVSS 3.1 base score of 9.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 83.4%.

Which versions of Centrestack are affected by CVE-2025-30406?

CVE-2025-30406 presents critical security risk, a hard-coded crypto key vulnerability rated CVSS 9.0.. A patch is available.

Is CVE-2025-30406 being actively exploited?

Yes, CVE-2025-30406 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, confirming active in-the-wild exploitation. Immediate patching is required.

How to fix or mitigate CVE-2025-30406?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Vendor patch is available.

Centrestack CVE-2025-30406

CRITICAL

Use of Hard-coded Cryptographic Key (CWE-321)

2025-04-03 cve@mitre.org

RCE Deserialization Centrestack

9.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:34 vuln.today

Patch released

Mar 28, 2026 - 18:34 nvd

Patch available

Added to CISA KEV

Nov 05, 2025 - 19:27 cisa

CISA KEV

CVE Published

Apr 03, 2025 - 20:15 nvd

CRITICAL 9.0

DescriptionNVD

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.

AnalysisAI

Gladinet CentreStack contains a deserialization vulnerability caused by a hardcoded machineKey in the portal, allowing unauthenticated remote code execution through crafted ViewState payloads.

Technical ContextAI

The CWE-321 use of a hardcoded cryptographic key means all CentreStack installations share the same machineKey for ViewState MAC validation. Attackers craft malicious .NET serialized objects, sign them with the known key, and submit them for server-side deserialization.

RemediationAI

Update to 16.4.10315.56368+. Generate unique machineKeys for each installation. Review for signs of exploitation.

CVE-2025-30406 vulnerability details – vuln.today

Back

Centrestack CVE-2025-30406

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code