CVE-2025-30406

Severity: CRITICAL 9.0 (CVSS 3.1)
Published: 2025-04-03 [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 28, 2026 - 18:34 (vuln.today)
Patch Released: Mar 28, 2026 - 18:34 (nvd) - patch available
Added to CISA KEV: Nov 05, 2025 - 19:27 (cisa)
CVE Published: Apr 03, 2025 - 20:15 (nvd)

Description

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.

Analysis

Gladinet CentreStack contains a deserialization vulnerability caused by a hardcoded machineKey in the portal, allowing unauthenticated remote code execution through crafted ViewState payloads.

Technical Context

This is CWE-321 (use of a hard-coded cryptographic key): every CentreStack installation ships the same machineKey, the key ASP.NET uses to MAC-validate ViewState. Because the key is shared rather than unique per install, anyone who knows it can sign a crafted .NET serialized object so that the server accepts it as valid ViewState and deserializes it.

Affected Products

Gladinet CentreStack through 16.1.10296.56315

Remediation

Update to 16.4.10315.56368 or later. Generate a unique machineKey for each installation (or remove the hardcoded machineKey element from portal\web.config so ASP.NET auto-generates one). Review affected hosts for signs of exploitation.
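As an added example (not vuln.today's or Gladinet's code), a small Python audit helper for the remediation above: it parses a portal web.config, reports whether an explicit static machineKey is configured, fingerprints the key so several installations can be compared for a shared key without copying the key material, and emits a freshly generated replacement element. The sample web.config and its key values are constructed placeholders, not the real CentreStack key.

```python
import hashlib
import secrets
import xml.etree.ElementTree as ET

# Constructed sample of a portal\web.config with an explicit, static
# machineKey. The key values are placeholders, not the real CentreStack key.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY"
                decryptionKey="PLACEHOLDER_DECRYPTION_KEY"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""


def machine_key_status(web_config_xml: str) -> dict:
    """Summarise the <machineKey> element of an ASP.NET web.config.

    'static' is True when explicit (non-AutoGenerate) keys are configured;
    such a key is only safe if it is unique to this installation. The
    'fingerprint' (truncated SHA-256 of the key material) lets hosts be
    compared for a shared key without copying the key itself."""
    root = ET.fromstring(web_config_xml)
    mk = root.find("./system.web/machineKey")
    if mk is None:  # ASP.NET then uses auto-generated, per-machine keys
        return {"present": False, "static": False, "fingerprint": None}
    vk = mk.get("validationKey", "AutoGenerate,IsolateApps")
    dk = mk.get("decryptionKey", "AutoGenerate,IsolateApps")
    static = not (vk.startswith("AutoGenerate") or dk.startswith("AutoGenerate"))
    fp = hashlib.sha256(f"{vk}|{dk}".encode()).hexdigest()[:16] if static else None
    return {"present": True, "static": static, "fingerprint": fp}


def shared_fingerprints(configs: dict) -> dict:
    """Given {host: web_config_xml}, return {fingerprint: [hosts]} for every
    static key present on more than one host (the CVE-2025-30406 condition)."""
    seen = {}
    for host, cfg in configs.items():
        fp = machine_key_status(cfg)["fingerprint"]
        if fp:
            seen.setdefault(fp, []).append(host)
    return {fp: hosts for fp, hosts in seen.items() if len(hosts) > 1}


def new_machine_key_element() -> str:
    """Build a replacement <machineKey> with fresh random keys: 64 bytes for
    HMACSHA256 validation and 32 bytes for AES decryption, hex-encoded."""
    vk = secrets.token_hex(64).upper()
    dk = secrets.token_hex(32).upper()
    return (f'<machineKey validationKey="{vk}" decryptionKey="{dk}" '
            'validation="HMACSHA256" decryption="AES" />')
```

Run `shared_fingerprints` over the web.config files collected from each CentreStack host; any fingerprint listed with more than one host is a shared key that should be replaced with the output of `new_machine_key_element` on every host.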

Priority Score

178 (KEV: +50, EPSS: +83.4, CVSS: +45, POC: 0)


CVE-2025-30406 vulnerability details – vuln.today
