
The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a case of hardcoded encryption keys that can be abused to achieve remote code execution. It was addressed in version 16.4.10315.56368, released on April 3, 2025.
“Gladinet CentreStack includes the use of hard-coded encryption key vulnerabilities, in the way it manages the keys used to verify the integrity of what applications see,” CISA said. “Successful exploitation allows the attacker to forge ViewState payloads for server-side deserialization, allowing remote code execution.”

Specifically, the flaw is rooted in the use of a hardcoded “MachineKey” in the IIS web.config file, which allows threat actors with knowledge of that “MachineKey” to craft server-side deserialization payloads that achieve remote code execution.

There are currently no details on how the vulnerability is being exploited, who is exploiting it, or what the targets of these attacks are. That said, the CVE.org entry for the flaw states that CVE-2025-30406 was exploited in the wild in March 2025, indicating its use as a zero-day.
In its advisory, Gladinet acknowledges that “exploitation is being observed in the wild” and urges customers to apply the fixes as soon as possible. If immediate patching is not an option, it recommends rotating the MachineKey value as a temporary mitigation.
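The weak pattern described above is a `<machineKey>` element in web.config carrying literal key values. The following added example (not from the article, CISA or Gladinet) audits a web.config for that pattern, showing a constructed weak fragment beside a constructed hardened one; the key strings in it are placeholders, not real keys.

```python
# Added example: audit an ASP.NET web.config for a hard-coded <machineKey>.
# Both fragments below are constructed samples; the key values are placeholders.
import xml.etree.ElementTree as ET

# Constructed sample: static keys stored in the file. Anyone who reads this
# file knows the keys that sign and encrypt ViewState.
WEAK_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY_0123456789ABCDEF"
                decryptionKey="PLACEHOLDER_DECRYPTION_KEY_0123456789ABCDEF"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>
"""

# Constructed sample: keys are generated on the host and never written to
# the file, which is also the ASP.NET default when <machineKey> is absent.
HARDENED_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>
"""


def hardcoded_machine_keys(web_config_xml: str) -> list[str]:
    """Return the <machineKey> attributes that hold a literal key value.

    A value beginning with "AutoGenerate" is not reported: ASP.NET derives
    that key per machine instead of reading it from the file. A missing
    <machineKey> element yields no findings for the same reason.
    """
    root = ET.fromstring(web_config_xml)
    findings = []
    for mk in root.iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "AutoGenerate").strip()
            if not value.upper().startswith("AUTOGENERATE"):
                findings.append(attr)
    return findings


if __name__ == "__main__":
    print("weak config:", hardcoded_machine_keys(WEAK_WEB_CONFIG))
    print("hardened config:", hardcoded_machine_keys(HARDENED_WEB_CONFIG))
```

On a multi-server deployment every node must share the same key, so AutoGenerate is not an option there; the fix in that case is a freshly generated key distributed out of band and rotated, which is the vendor's interim advice.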