PT-2025-14795 · Gladinet · Gladinet Centrestack
Published: 2025-04-03 · Updated: 2025-08-14 · CVE-2025-30406
CVSS: 10 (Critical)
Base vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
**Name of the Vulnerable Software and Affected Versions:**
Gladinet CentreStack versions prior to 16.4.10315.56368
Gladinet Triofox versions prior to 16.4.10317.56372
**Description:**
Gladinet CentreStack and Triofox are affected by a deserialization vulnerability due to the use of a hardcoded `machineKey` in the CentreStack portal. This allows threat actors who know the `machineKey` to serialize a payload for server-side deserialization, achieving remote code execution (RCE). Exploitation of this vulnerability has been observed in the wild since March 2025, and as of April 21, 2025, exploitation continues even on systems with the patch applied, potentially due to failures in automatic `machineKey` rotation. Approximately 120 endpoints across seven organizations have been compromised. Threat actors have been observed enumerating the host and Active Directory environment, reading configuration files, and executing malicious payloads in memory.
**Recommendations:**
Gladinet CentreStack versions prior to 16.4.10315.56368: Update to version 16.4.10315.56368 or later. If patching is not immediately available, manually rotate the `machineKey` in the `portal\web.config` file.
Gladinet Triofox versions prior to 16.4.10317.56372: Update to version 16.4.10317.56372 or later.
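Because exploitation has continued on patched systems where `machineKey` rotation may have failed, it is worth verifying the rotation rather than assuming it. The following is an added example, not Gladinet tooling: it fingerprints the static `machineKey` in each collected web.config and flags keys that match a pre-patch baseline or are identical across installs. Host names, key values and status labels are constructed for illustration, and only the file passed in is inspected (not inherited configuration).

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

def key_fingerprint(config_xml):
    """SHA-256 fingerprint of a static machineKey, or None if keys are auto-generated."""
    root = ET.fromstring(config_xml)
    # Match on the local tag name so a namespaced <configuration> still works.
    mk = next((e for e in root.iter() if e.tag.split("}")[-1] == "machineKey"), None)
    if mk is None:
        return None
    vk = mk.get("validationKey", "AutoGenerate")
    dk = mk.get("decryptionKey", "AutoGenerate")
    if vk.lower().startswith("autogenerate") and dk.lower().startswith("autogenerate"):
        return None
    # Hash the key material so the report never contains the secret itself.
    return hashlib.sha256(f"{vk.upper()}|{dk.upper()}".encode()).hexdigest()

def audit(configs, baseline=frozenset()):
    """configs: host -> web.config text; baseline: fingerprints taken before patching."""
    report, by_fp = {}, defaultdict(list)
    for host, text in configs.items():
        fp = key_fingerprint(text)
        if fp is None:
            report[host] = "auto-generated"
        elif fp in baseline:
            report[host] = "unrotated"   # same key as before the update
        else:
            report[host] = "static"
            by_fp[fp].append(host)
    for hosts in by_fp.values():
        if len(hosts) > 1:               # identical key on several installs
            for host in hosts:
                report[host] = "shared"
    return report

def _cfg(vk, dk):  # constructed sample web.config with placeholder key values
    return (f'<configuration><system.web><machineKey validationKey="{vk}" '
            f'decryptionKey="{dk}" validation="SHA1" decryption="AES"/>'
            f'</system.web></configuration>')

SAMPLES = {  # constructed inputs, one per hypothetical host
    "srv-a": _cfg("AA" * 32, "BB" * 16),
    "srv-b": _cfg("aa" * 32, "bb" * 16),   # same key as srv-a, different hex case
    "srv-c": _cfg("CC" * 32, "DD" * 16),
    "srv-d": _cfg("AutoGenerate,IsolateApps", "AutoGenerate,IsolateApps"),
    "srv-e": "<configuration><system.web/></configuration>",
}
BASELINE = {key_fingerprint(SAMPLES["srv-c"])}  # fingerprint recorded before patching
```

Any host reported as `unrotated` or `shared` still carries key material that should be treated as known to attackers.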
Fix
RCE
Using Hardcoded Credentials