Centrestack
CVE-2025-30406
CRITICAL
Severity by source
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
AnalysisAI
Gladinet CentreStack contains a deserialization vulnerability caused by a hardcoded machineKey in the portal, allowing unauthenticated remote code execution through crafted ViewState payloads.
Technical ContextAI
The CWE-321 use of a hardcoded cryptographic key means all CentreStack installations share the same machineKey for ViewState MAC validation. Attackers craft malicious .NET serialized objects, sign them with the known key, and submit them for server-side deserialization.
RemediationAI
Update to 16.4.10315.56368+. Generate unique machineKeys for each installation. Review for signs of exploitation.
More in Centrestack
View allAn authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows r
An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before
Same weakness CWE-321 – Use of Hard-coded Cryptographic Key
View allShare
External POC / Exploit Code
Leaving vuln.today