cvelistv5 - cve-2025-30406

CVE-2025-30406 (GCVE-0-2025-30406)

Vulnerability from cvelistv5 – Published: 2025-04-03 00:00 – Updated: 2025-10-21 22:55

CISA

Summary

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.

Severity ?

9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-321 - Use of Hard-coded Cryptographic Key

Assigner

mitre

References

URL

	Vendor	Product	Version
	Gladinet	CentreStack	Affected: 0 , < 16.4.10315.56368 (custom)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2025-04-08

Due date: 2025-04-29

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf ; https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2025-triofox.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2025-30406

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30406",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T17:38:16.523654Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-04-08",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30406"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:22.155Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30406"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-04-08T00:00:00+00:00",
            "value": "CVE-2025-30406 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CentreStack",
          "vendor": "Gladinet",
          "versions": [
            {
              "lessThan": "16.4.10315.56368",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.4.10315.56368",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal\u0027s hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\\web.config."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321 Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-04T01:36:33.217Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.centrestack.com/p/gce_latest_release.html"
        },
        {
          "url": "https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-30406",
    "datePublished": "2025-04-03T00:00:00.000Z",
    "dateReserved": "2025-03-21T00:00:00.000Z",
    "dateUpdated": "2025-10-21T22:55:22.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2025-30406",
      "cwes": "[\"CWE-321\"]",
      "dateAdded": "2025-04-08",
      "dueDate": "2025-04-29",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf ; https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2025-triofox.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2025-30406",
      "product": "CentreStack",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Gladinet CentreStack and Triofox contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution.",
      "vendorProject": "Gladinet",
      "vulnerabilityName": "Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-30406\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-04-03T20:15:24.987\",\"lastModified\":\"2025-11-05T19:27:44.190\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal\u0027s hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\\\\web.config.\"},{\"lang\":\"es\",\"value\":\"Gladinet CentreStack hasta la versi\u00f3n 16.1.10296.56315 (solucionada en la versi\u00f3n 16.4.10315.56368) presenta una vulnerabilidad de deserializaci\u00f3n debido al uso de la clave de m\u00e1quina (machineKey) codificada de forma r\u00edgida en el portal de CentreStack, explotada in situ en marzo de 2025. Esto permite a los actores de amenazas (que conocen la clave de m\u00e1quina) serializar un payload para la deserializaci\u00f3n del servidor y lograr la ejecuci\u00f3n remota de c\u00f3digo. NOTA: Un administrador de CentreStack puede eliminar manualmente la clave de m\u00e1quina definida en portal\\\\web.config.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2025-04-08\",\"cisaActionDue\":\"2025-04-29\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability\",\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-321\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.4.10315.56368\",\"matchCriteriaId\":\"D44CE026-3259-4767-8AE9-0580BD0A3668\"}]}]}],\"references\":[{\"url\":\"https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.centrestack.com/p/gce_latest_release.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30406\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-30406\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-08T17:38:16.523654Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-04-08\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30406\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-04-08T00:00:00+00:00\", \"value\": \"CVE-2025-30406 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30406\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-07T17:01:46.972Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 9, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"Gladinet\", \"product\": \"CentreStack\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"16.4.10315.56368\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.centrestack.com/p/gce_latest_release.html\"}, {\"url\": \"https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal\u0027s hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\\\\web.config.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-321\", \"description\": \"CWE-321 Use of Hard-coded Cryptographic Key\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.4.10315.56368\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-04-04T01:36:33.217Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-30406\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T22:55:22.155Z\", \"dateReserved\": \"2025-03-21T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-04-03T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

NCSC-2025-0121

Vulnerability from csaf_ncscnl - Published: 2025-04-10 11:53 - Updated: 2025-04-10 11:53

Summary

Kwetsbaarheid verholpen in Gladinet CentreStack

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Gladinet heeft een kwetsbaarheid verholpen in CentreStack (Versies tot 16.1.10296.56315).

Interpretaties

De kwetsbaarheid bevindt zich in de manier waarop hardcoded machineKeys en cryptografische sleutels worden gebruikt, hetgeen resulteert in een ernstige deserialisatiekwetsbaarheid. De kwetsbaarheid maakt het voor een kwaadwillende mogelijk om malafide ViewState-payloads te genereren die door het getroffen systeem als geldig worden geaccepteerd. Hierdoor kan willekeurige code op afstand worden uitgevoerd binnen de context van het kwetsbare systeem. Gladinet geeft aan dat de kwetsbaarheid sinds maart 2025 actief wordt misbruikt. Ook het Amerikaanse Cybersecurity and Infrastructure Security Agency (CISA) meldt via de Known Exploited Vulnerability Database dat de kwetsbaarheid is misbruikt.

Oplossingen

Gladinet heeft een beveiligingsupdate uitgebracht in versie 16.4.10315.56368 van CentreStack. In deze versie wordt tijdens de installatie automatisch een unieke machineKey gegenereerd, waarmee de onderliggende kwetsbaarheid wordt gemitigeerd. Het Nationaal Cyber Security Centrum (NCSC) adviseert organisaties met klem om hun systemen zo spoedig mogelijk bij te werken naar deze versie. Indien een directe update niet haalbaar is, wordt aanbevolen om handmatig een unieke machineKey te genereren en toe te passen. Aangezien de kwetsbaarheid actief is misbruikt, adviseert het NCSC organisaties tevens om nader technisch onderzoek uit te voeren. Raadpleeg de bijgevoegde referenties voor aanvullende toelichting en technische details.

Kans

medium

Schade

high

CWE-321

Use of Hard-coded Cryptographic Key

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Gladinet heeft een kwetsbaarheid verholpen in CentreStack (Versies tot 16.1.10296.56315).",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheid bevindt zich in de manier waarop hardcoded machineKeys en cryptografische sleutels worden gebruikt, hetgeen resulteert in een ernstige deserialisatiekwetsbaarheid. De kwetsbaarheid maakt het voor een kwaadwillende mogelijk om malafide ViewState-payloads te genereren die door het getroffen systeem als geldig worden geaccepteerd. Hierdoor kan willekeurige code op afstand worden uitgevoerd binnen de context van het kwetsbare systeem. Gladinet geeft aan dat de kwetsbaarheid sinds maart 2025 actief wordt misbruikt. Ook het Amerikaanse Cybersecurity and Infrastructure Security Agency (CISA) meldt via de Known Exploited Vulnerability Database dat de kwetsbaarheid is misbruikt. \n\n",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Gladinet heeft een beveiligingsupdate uitgebracht in versie 16.4.10315.56368 van CentreStack. In deze versie wordt tijdens de installatie automatisch een unieke machineKey gegenereerd, waarmee de onderliggende kwetsbaarheid wordt gemitigeerd. Het Nationaal Cyber Security Centrum (NCSC) adviseert organisaties met klem om hun systemen zo spoedig mogelijk bij te werken naar deze versie. Indien een directe update niet haalbaar is, wordt aanbevolen om handmatig een unieke machineKey te genereren en toe te passen. Aangezien de kwetsbaarheid actief is misbruikt, adviseert het NCSC organisaties tevens om nader technisch onderzoek uit te voeren. Raadpleeg de bijgevoegde referenties voor aanvullende toelichting en technische details.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Use of Hard-coded Cryptographic Key",
        "title": "CWE-321"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - certbundde; hkcert; ibm; redhat",
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
      },
      {
        "category": "external",
        "summary": "Reference - cisagov",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30406"
      },
      {
        "category": "external",
        "summary": "Reference - cisagov; cveprojectv5; nvd",
        "url": "https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf"
      }
    ],
    "title": "Kwetsbaarheid verholpen in Gladinet CentreStack",
    "tracking": {
      "current_release_date": "2025-04-10T11:53:42.018541Z",
      "generator": {
        "date": "2025-02-25T15:15:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.0"
        }
      },
      "id": "NCSC-2025-0121",
      "initial_release_date": "2025-04-10T11:53:42.018541Z",
      "revision_history": [
        {
          "date": "2025-04-10T11:53:42.018541Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/\u003c16.4.10315.56368",
                "product": {
                  "name": "vers:unknown/\u003c16.4.10315.56368",
                  "product_id": "CSAFPID-2618308"
                }
              }
            ],
            "category": "product_name",
            "name": "CentreStack"
          }
        ],
        "category": "vendor",
        "name": "Gladinet"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-30406",
      "cwe": {
        "id": "CWE-321",
        "name": "Use of Hard-coded Cryptographic Key"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Hard-coded Cryptographic Key",
          "title": "CWE-321"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2618308"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30406",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30406.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2618308"
          ]
        }
      ],
      "title": "CVE-2025-30406"
    }
  ]
}

GHSA-HGP9-3V5V-223J

Vulnerability from github – Published: 2025-04-03 21:32 – Updated: 2025-10-22 00:33

Details

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, which enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: the CentreStack admin can manually delete the machineKey defined in portal\web.config.

Severity ?

9.0 (Critical)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-30406"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321",
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-03T20:15:24Z",
    "severity": "CRITICAL"
  },
  "details": "Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal\u0027s hardcoded machineKey use, which enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: the CentreStack admin can manually delete the machineKey defined in portal\\web.config.",
  "id": "GHSA-hgp9-3v5v-223j",
  "modified": "2025-10-22T00:33:16Z",
  "published": "2025-04-03T21:32:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30406"
    },
    {
      "type": "WEB",
      "url": "https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.centrestack.com/p/gce_latest_release.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30406"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2025-30406

Vulnerability from fkie_nvd - Published: 2025-04-03 20:15 - Updated: 2025-11-05 19:27

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf	Mitigation, Patch, Vendor Advisory
cve@mitre.org	https://www.centrestack.com/p/gce_latest_release.html	Release Notes
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30406	US Government Resource

Impacted products

	Vendor	Product	Version
	gladinet	centrestack	*

JSON

To clipboard

{
  "cisaActionDue": "2025-04-29",
  "cisaExploitAdd": "2025-04-08",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44CE026-3259-4767-8AE9-0580BD0A3668",
              "versionEndExcluding": "16.4.10315.56368",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal\u0027s hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\\web.config."
    },
    {
      "lang": "es",
      "value": "Gladinet CentreStack hasta la versi\u00f3n 16.1.10296.56315 (solucionada en la versi\u00f3n 16.4.10315.56368) presenta una vulnerabilidad de deserializaci\u00f3n debido al uso de la clave de m\u00e1quina (machineKey) codificada de forma r\u00edgida en el portal de CentreStack, explotada in situ en marzo de 2025. Esto permite a los actores de amenazas (que conocen la clave de m\u00e1quina) serializar un payload para la deserializaci\u00f3n del servidor y lograr la ejecuci\u00f3n remota de c\u00f3digo. NOTA: Un administrador de CentreStack puede eliminar manualmente la clave de m\u00e1quina definida en portal\\web.config."
    }
  ],
  "id": "CVE-2025-30406",
  "lastModified": "2025-11-05T19:27:44.190",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-04-03T20:15:24.987",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.centrestack.com/p/gce_latest_release.html"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30406"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-321"
        }
      ],
      "source": "cve@mitre.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-30406 (GCVE-0-2025-30406)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

NCSC-2025-0121

GHSA-HGP9-3V5V-223J

FKIE_CVE-2025-30406

Tags

Sightings

Nomenclature