CVERadar

CVE-2025-30406

Critical Severity
SVRS: 83/100
CVSSv3: 9.8/10
EPSS: 0.5723/1

CVE-2025-30406 is a critical deserialization vulnerability in Gladinet CentreStack that can lead to remote code execution. Exploitation has been observed in the wild, so mitigation is urgent. Gladinet CentreStack versions through 16.1.10296.56315 are affected because the CentreStack portal uses a hardcoded machineKey. A threat actor who knows the machineKey can serialize a payload that the server then deserializes, resulting in remote code execution. With an SVRS of 83, this vulnerability is considered critical and warrants immediate action. This high score, driven by available exploits and real-world exploitation data, indicates the urgent need for patching or mitigation to prevent system compromise. The vulnerability has been added to the CISA KEV catalog, meaning federal agencies must patch by a certain date.

In The Wild
CISA KEV
Exploit Available
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2025-04-03

2025-04-22

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
W01fh4cker/CVE-2025-30406 | https://github.com/W01fh4cker/CVE-2025-30406 | 2025-04-24
Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability | https://www.cisa.gov/search?g=CVE-2025-30406 | 2025-04-08
Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability | https://www.cisa.gov/search?g=CVE-2025-30406 | 2025-04-08

News

Security Affairs newsletter Round 520 by Pierluigi Paganini – INTERNATIONAL EDITION
Pierluigi Paganini, 2025-04-20 (securityaffairs.co)
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers exploited SonicWall SMA appliances since January 2025; ASUS routers with AiCloud vulnerable to auth bypass exploit; U.S. […]
Serious Flaw Found in Popular File-Sharing Tool Used by IT Providers
Ridhika Singh, 2025-04-17 (blogger.com)
A major security problem has been found in a widely used file
U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini, 2025-04-17 (securityaffairs.co)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA100 Appliance flaw, tracked as CVE-2021-20035, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an OS Command Injection Vulnerability in the SMA100 management interface. A […]
Daily Summary - 15.04.2025
CERT.at, 2025-04-15 (cert.at)
End-of-Day report. Timeframe: Monday 14-04-2025 18:00 - Tuesday 15-04-2025 18:00. Handler: Guenes Holler. Co-Handler: Michael Schlagenhaufer. News: New ResolverRAT malware targets pharma and healthcare orgs worldwide. A new remote access trojan (RAT) called ResolverRAT is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. https://www.bleepingcomputer.com/news/security/new-resolverrat-malware-targets-pharma-and-healthcare-orgs-worldwide/
Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability
Ajit Jasrotia, 2025-04-15 (allhackernews.com)
A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks. It […]
Gladinet flaw CVE-2025-30406 actively exploited in the wild - Security Affairs
2025-04-15 (google.com)
Huntress reports active exploitation of Gladinet CVE-2025-30406 in the wild, affecting seven organizations and 120 endpoints. Security researchers at Huntress warn of attacks in the wild exploiting a critical vulnerability, tracked as CVE-2025-30406, in Gladinet CentreStack and Triofox software. The vulnerability CVE-2025-30406 (CVSS score 9.0) is a deserialization issue due to the CentreStack portal’s hardcoded machineKey use. Threat actors exploited the flaw in March attacks. The vulnerability has been
⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More
Ajit Jasrotia, 2025-04-14
Attackers aren’t waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week’s events show a hard truth: it’s not enough to react after an attack. You have to assume […]
Related CVEs: CVE-2025-31565, CVE-2024-53150, CVE-2025-25211, CVE-2025-2636

Social Media

Exploit for CVE-2025-30406(Gladinet CentreStack & Triofox) https://t.co/VBcXuxBaFI https://t.co/bP6QnZ8Af0

Some confusion I've seen on CVE-2025-30406, where seemingly "patched" hosts (upgraded to the latest version 16.4.10315.56368 or 16.4.10317.56372) are still exploited. The core of this vulnerability is the hardcoded machineKey values that lead to the typical ASP ViewState https://t.co/7gG4wtdkI9

I have just written a proof of concept (PoC) for CVE-2025-30406, a deserialization vulnerability resulting from the abuse of a hardcoded machine key. This vulnerability is easily exploitable, as demonstrated by @_JohnHammond as well. Be sure to upgrade your Gladinet CentreStack https://t.co/iQCfPXlbZQ

Huntress continues to observe in-the-wild exploitation of CVE-2025-30406, a critical vulnerability in Gladinet CentreStack and Triofox

🚨 Critical: CVE-2025-30406 is under active attack in Gladinet CentreStack & Triofox! Hardcoded key leads to RCE. CISA added to Known Exploited Vulnerabilities. Patch CentreStack, update Triofox ASAP! More details & detection tools here: 🔗 https://t.co/AO7vkD1J26

Critical vulnerability CVE-2025-30406 affects Gladinet CentreStack & Triofox, exposing multiple organizations to remote code execution risks. Hardcoded keys in configs are the issue. ⚠️ #Gladinet #RemoteCodeExecution #USA link: https://t.co/PqlYIFsKC8 https://t.co/D4dZmbpUmb

🚨 Critical RCE flaw in Gladinet’s Triofox & CentreStack is under active attack. A hardcoded crypto key (CVE-2025-30406, CVSS 9.0) is being exploited in the wild—allowing remote code execution on internet-facing servers. 👇 https://t.co/cbEtfGm0qm

Critical vulnerability CVE-2025-30406 is being exploited in Gladinet CentreStack and Triofox software, risking remote code execution. Urgent updates are necessary! ⚠️ #CVE2025 #Gladinet #USSecurity link: https://t.co/7FpM27Az43 https://t.co/OwsJdWMBpE

Critical RCE vulnerability (CVE-2025-30406) in Gladinet's CentreStack and Triofox under active exploitation. Users urged to update immediately. #CyberSecurity #DataBreach #RCE #Gladinet https://t.co/qhxMT1G9g2

⚠️ Vulnerability Update: CentreStack Hard-Coded MachineKey Vulnerability 🔎 CVE: CVE-2025-30406 📅 Timeline: No changes detected; both datasets report a timeline with initial disclosure and patch release occurring on April 8, 2025. 🛠️ exploitMaturity: The exploit maturity is

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf
[email protected] | https://www.centrestack.com/p/gce_latest_release.html
GITHUB | https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf

CWE Details

CWE ID | CWE Name | Description
CWE-321 | Use of Hard-coded Cryptographic Key | The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
CWE-798 | Use of Hard-coded Credentials | The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
