The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a hard-coded cryptographic key that could be abused to achieve remote code execution. It has been addressed in version 16.4.10315.56368, released on April 3, 2025.
"Gladinet CentreStack contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification," CISA said. "Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution."
Specifically, the shortcoming is rooted in the use of a hard-coded "machineKey" in the IIS web.config file. ASP.NET uses the machineKey's validationKey to compute the MAC that protects __VIEWSTATE, so any threat actor who knows that key can serialize an attacker-chosen object graph, sign it so that it passes the integrity check, and have the server deserialize it, which is what yields remote code execution. Because the key is shipped in the product rather than generated per install, every unpatched deployment shares the same secret.
There are currently no details on how the vulnerability is being exploited, the identity of the threat actors exploiting it, or who the targets of these attacks might be. That said, the description of the flaw on CVE.org states that CVE-2025-30406 was exploited in the wild in March 2025, indicating it was used as a zero-day.
Gladinet, in an advisory, has also acknowledged that "exploitation has been observed in the wild," urging customers to apply the fixes as soon as possible. If immediate patching is not an option, it is recommended to rotate the machineKey value as a temporary mitigation. Rotation only helps if the replacement key is unique to the deployment and applied to every node that serves the application; any ViewState already signed with the shipped key stops validating once the key changes, which is the intended effect.
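The following is an added example, not code from Gladinet or from the original article, that models the two points above: why a hard-coded validationKey lets an attacker mint a ViewState the server accepts, and why rotating the key is a valid stop-gap. It is a deliberately simplified model of ASP.NET's ViewState MAC (raw payload plus HMAC-SHA256 under the validationKey); the real framework derives a sub-key and frames the data differently, and the web.config fragments and key values are constructed for the demo rather than taken from CentreStack.

```python
"""Simplified model of ASP.NET ViewState MAC checking (added example).

Assumptions, all labelled as such: the MAC is HMAC-SHA256 keyed directly by the
hex validationKey over the raw payload, and the token is base64(payload || tag).
Real ASP.NET uses a derived key and a different framing; the idea is the same.
"""
import base64
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET

# Constructed demo keys and web.config fragments (not Gladinet's real file).
LEAKED_VALIDATION_KEY = "A1" * 64   # 64-byte key, hex-encoded; shipped in the product
DEMO_DECRYPTION_KEY = "B2" * 32

WEB_CONFIG_STATIC = f"""<configuration>
  <system.web>
    <machineKey validationKey="{LEAKED_VALIDATION_KEY}"
                decryptionKey="{DEMO_DECRYPTION_KEY}"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""

WEB_CONFIG_AUTO = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""


def find_static_machine_key(config_xml: str):
    """Audit check: return the <machineKey> attributes when validationKey is a
    literal key (shareable across installs), or None when it is auto-generated
    or absent."""
    root = ET.fromstring(config_xml)
    for mk in root.iter("machineKey"):
        vk = mk.get("validationKey", "")
        if vk and not vk.startswith("AutoGenerate"):
            return dict(mk.attrib)
    return None


def sign_viewstate(payload: bytes, validation_key_hex: str) -> str:
    """What the legitimate server does, and what an attacker can do once the
    key is known: MAC the payload and emit base64(payload || tag)."""
    key = bytes.fromhex(validation_key_hex)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.b64encode(payload + tag).decode()


def verify_viewstate(token: str, validation_key_hex: str):
    """Server-side gate: return the payload bytes only if the MAC verifies,
    else None. Deserialization would run on the returned bytes, so a forged
    tag that passes here is the whole attack."""
    key = bytes.fromhex(validation_key_hex)
    raw = base64.b64decode(token)
    if len(raw) < 32:
        return None
    payload, tag = raw[:-32], raw[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return payload


def rotate_validation_key() -> str:
    """Interim mitigation from the advisory: a fresh per-install key. Returns
    64 random bytes as 128 hex characters, suitable for HMACSHA256."""
    return secrets.token_hex(64)


if __name__ == "__main__":
    print("static machineKey in config:", find_static_machine_key(WEB_CONFIG_STATIC) is not None)
    print("static machineKey in auto config:", find_static_machine_key(WEB_CONFIG_AUTO) is not None)
    forged = sign_viewstate(b"<attacker-chosen serialized graph>", LEAKED_VALIDATION_KEY)
    print("forged token accepted with shipped key:", verify_viewstate(forged, LEAKED_VALIDATION_KEY) is not None)
    fresh = rotate_validation_key()
    print("forged token accepted after rotation:", verify_viewstate(forged, fresh) is not None)
```

Run as a script it prints that the static config is flagged, the auto-generated one is not, the forged token is accepted under the shipped key and rejected once the key is rotated. The audit function is the check worth running across an estate: a web.config whose validationKey is a literal value identical on several hosts is the condition that makes this class of bug exploitable without any further information leak.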