CVE-2025-30406
Published Apr 3, 2025
Last updated 4 months ago
- Description
- Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- centrestack
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability
- Exploit added on
- Apr 8, 2025
- Exploit action due
- Apr 29, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Gladinet CentreStack/Triofox暗号欠陥でRCE、CVE-2025-30406併用 https://t.co/K7HF3K6VJZ #Security #セキュリティー #ニュース
@SecureShield_
12 Dec 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Before React exploded I was helping chase some more shenanigans with Gladinet CentreStack & Triofox-- another LFI vulnerability that led (again) to the .NET ViewState deserialization CVE-2025-30406 remote code execution. Patch is available but we're seeing active exploitation
@_JohnHammond
10 Dec 2025
21610 Impressions
5 Retweets
82 Likes
20 Bookmarks
1 Reply
0 Quotes
🚨 New plugin: GladinetPlugin (CVE-2025-11371, CVE-2025-30406, CVE-2025-12480). Gladinet CentreStack/Triofox LFI, RCE, and auth bypass vulnerability detection. Results: https://t.co/l4VMYOgYoQ https://t.co/3p5n4aSA44
@leak_ix
12 Nov 2025
462 Impressions
1 Retweet
4 Likes
3 Bookmarks
0 Replies
0 Quotes
Critical Breach Vector: Immediate Detection and Containment of the CentreStack/Triofox 'MachineKey RCE' Zero-Day (CVE-2025-30406) , Read the full report on - https://t.co/V9c4nwnzOx https://t.co/IEzHk3XcvU
@cyberbivash
2 Oct 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
''GitHub - mchklt/CVE-2025-30406: CVE-2025-30406 ViewState Exploit PoC'' #infosec #pentest #redteam #blueteam https://t.co/KOFSdDyMcG
@CyberWarship
8 Aug 2025
2603 Impressions
10 Retweets
27 Likes
19 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar — https://t.co/Cd6L8ACyLV: CVE-2025-53770 — Sharepoint Server 📈⬆️ CVE-2025-32433 (@lambdafu) CVE-2025-25257 (@0x_shaq) CVE-2025-49113 (@k_firsov) CVE-2025-6558 (@_clem1) CVE-2025-30406 CVE-2025-54309 CVE-2025-23266 (@nirohfeld @shirtamari) CVE
@ptdbugs
1 Aug 2025
160 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
GitHub - mchklt/CVE-2025-30406: CVE-2025-30406 ViewState Exploit PoC - https://t.co/Gc8lII3LAN
@piedpiper1616
31 Jul 2025
3303 Impressions
31 Retweets
72 Likes
32 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
15 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
MSSPs & MSPs are prime targets: a single exploited vulnerability can trigger multi-organization breaches. In @msspalert, Co-founder and Picus Labs VP @su13ym4n explains the risks revealed by the recent CentreStack flaw (CVE-2025-30406). Read more → https://t.co/EE7NgZSggF
@PicusSecurity
14 May 2025
67 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
12 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
10 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
9 May 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical Gladinet CentreStack flaw (CVE-2025-30406) threatens MSPs & their customers. @su13ym4n warns: "One server breach can escalate into a multi-organization data disaster." Covered by @ChannelFutures → https://t.co/owgYfuH1e6 #CyberSecurity #MSP https://t.co/0s4YYoLKR
@PicusSecurity
8 May 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
8 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
7 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
2 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
1 May 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 New #ZeroDay in CentreStack is being exploited in the wild. @DarkReading highlights CVE-2025-30406, a deserialization flaw that threatens MSPs and their clients. 🗣️ Insight from Picus Labs VP @su13ym4n: “If the machineKey is compromised, RCE becomes possible.” Re
@PicusSecurity
30 Apr 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
26 Apr 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Comment: Given that the vulnerability has been actively exploited since March 2025, has there been any analysis regarding the initial attack vector used to exploit CVE-2025-30406, and wh... #Cybersecurity https://t.co/2otvVNUTFH
@storagetechnews
26 Apr 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hey! CISA says Gladinet CentreStack has a critical flaw (CVE-2025-30406, score 9.0!) that's ALREADY being exploited! Update ASAP or rotate those machineKeys! #cybersecurity https://t.co/Z5BkSpq7vd
@storagetechnews
26 Apr 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
24 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Exploit for CVE-2025-30406(Gladinet CentreStack & Triofox) https://t.co/VBcXuxBaFI https://t.co/bP6QnZ8Af0
@W01fh4cker
24 Apr 2025
2019 Impressions
10 Retweets
23 Likes
6 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
23 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
I have just written a proof of concept (PoC) for CVE-2025-30406, a deserialization vulnerability resulting from the abuse of a hardcoded machine key. This vulnerability is easily exploitable, as demonstrated by @_JohnHammond as well. Be sure to upgrade your Gladinet CentreStack h
@gothburz
22 Apr 2025
4260 Impressions
11 Retweets
100 Likes
6 Bookmarks
2 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
22 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Huntress continues to observe in-the-wild exploitation of CVE-2025-30406, a critical vulnerability in Gladinet CentreStack and Triofox
@HuntressLabs
22 Apr 2025
2660 Impressions
9 Retweets
29 Likes
4 Bookmarks
1 Reply
0 Quotes
2025 Bug Bounties! Hunt: CVE-2025-30406: Gladinet key CVE-2025-29824: Windows EoP CVE-2025-24054: NTLM theft CVE-2025-24813: Tomcat bug CVE-2025-32433: SSH RCE Burp, Amass. Big bounties! Get Bug Bounty Guide 2025! #BugBounty #VulnHunting2025 https://t.co/tin4q4LnYa
@Viper_Droidd
21 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
21 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Active exploitation of CVE-2025-30406 C2 IP: 146.70.41.178
@_horus_labs
21 Apr 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
20 Apr 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
19 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
18 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
17 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
16 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
16 Apr 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
does anyone know the machinekey for CVE-2025-30406? cant be bothered to find it myself lol
@PsExec64
16 Apr 2025
1650 Impressions
0 Retweets
8 Likes
1 Bookmark
2 Replies
0 Quotes
Critical vulnerability CVE-2025-30406 is being exploited in Gladinet CentreStack and Triofox software, risking remote code execution. Urgent updates are necessary! ⚠️ #CVE2025 #Gladinet #USSecurity link: https://t.co/7FpM27Az43 https://t.co/OwsJdWMBpE
@TweetThreatNews
15 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical RCE flaw in Gladinet’s Triofox & CentreStack is under active attack. A hardcoded crypto key (CVE-2025-30406, CVSS 9.0) is being exploited in the wild—allowing remote code execution on internet-facing servers. 👇 https://t.co/cbEtfGm0qm
@efani
15 Apr 2025
367 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-30406 in Gladinet CentreStack/Triofox is under active attack. RCE via hardcoded machineKey lets hackers escalate to SYSTEM. Patch now or rotate keys—CISA flags it critical. https://t.co/uKKJv0Ruer #cybersecurity
@dCypherIO
15 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
15 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#GladinetCentreStack users - you can now check for CVE-2025-30406 with Intruder ✔️ Our active check is live, so you can find out fast if you're at risk. 👉 Sign up for free to scan your environment today: https://t.co/qgJyxj5rL5 https://t.co/fhEXlwpATD
@intruder_io
15 Apr 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New CISA Alert! Gladinet CentreStack flaw (CVE-2025-30406, CVSS 9.0) is actively exploited. ▶️ Hard-coded machineKey enables remote code execution. ▶️ Exploited as a zero-day in March 2025. Patch or rotate keys now. https://t.co/o53mPy8NP0
@achi_tech
15 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼ #Exploited #Gladinet: rilevato sfruttamento in rete della CVE-2025-30406 relativa al prodotto #CentreStack Rischio: 🟠 Tipologia: 🔸 Remote Code Execution 🔗 https://t.co/6uEpbChyar 🔄 Aggiornamenti disponibili 🔄 https://t.co/SrKKSRYKAO
@Vulcanux_
15 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical RCE Alert: CVE-2025-30406 A new vulnerability in Gladinet CentreStack & Triofox software is being exploited in the wild — with 7 orgs already compromised since March 2025. CVSS Score: 9.0 Affected: Triofox ≤ v16.4.10317.56372 Exploit: Remote code execution h
@modat_magnify
15 Apr 2025
51 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical RCE Alert: CVE-2025-30406 A new vulnerability in Gladinet CentreStack & Triofox software is being exploited in the wild — with 7 orgs already compromised since March 2025. CVSS Score: 9.0 Affected: Triofox ≤ v16.4.10317.56372 Exploit: Remote code execution h
@modat_magnify
15 Apr 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical RCE vulnerability (CVE-2025-30406) in Gladinet's CentreStack and Triofox software threatens organizations with a CVSS score of 9.0. Seven victims reported exploitation. ⚠️ #Gladinet #RemoteCodeExecution #USA link: https://t.co/iw50WYHjEs https://t.co/Rn2S7y6LIx
@TweetThreatNews
15 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 تم اكتشاف ثغرة أمنية خطيرة في Gladinet CentreStack تؤثر أيضًا على Triofox، مما تسبب في اختراق سبع منظمات حتى الآن. تُعرف هذه الثغرة بـ CVE-2025-30406 (تقييم CVSS: 9.0) وتتعلق باستخدام مفتاح تشفيري ثابت، مما يعرض الخوادم المتصلة بالإنترنت لهجمات تنفيذ الشيفرة عن بُعد. #الامن…
@Cybercachear
15 Apr 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Huntress、重要なGladinetの脆弱性が実際に悪用されている状況を記録(CVE-2025-30406) https://t.co/K57ZmXR2FO #Security #セキュリティ #ニュース
@SecureShield_
15 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30406
@transilienceai
15 Apr 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D44CE026-3259-4767-8AE9-0580BD0A3668",
"versionEndExcluding": "16.4.10315.56368",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]