Cyberthreat Advisories | 1898 & Co.

Critical Vulnerability in Gladinet CentreStack Exploited in the Wild

Written by The 1898 & Co. Team | April 10, 2025

A critical vulnerability in Gladinet CentreStack, a popular file sharing and collaboration platform, is being actively exploited. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-30406, it has a CVSS score of 9.0. It involves a hard-coded cryptographic key that can be exploited for remote code execution, posing significant risks to affected systems.

The vulnerability is rooted in the use of a hard-coded "machineKey" within the IIS web.config file, which allows attackers to forge ViewState payloads for server-side deserialization. This can lead to remote code execution, granting attackers control over the compromised systems. Although specific details about the exploitation methods and threat actors remain undisclosed, the vulnerability was reportedly exploited as a zero-day in March 2025.

Gladinet has released a patch addressing this issue in version 16.4.10315.56368, available since April 3, 2025. The company has urged users to apply the update promptly to mitigate potential risks. For those unable to patch immediately, rotating the machineKey value is suggested as a temporary measure. This incident underscores the importance of timely updates and proactive security measures in safeguarding digital assets.



Threats and Vulnerabilities



The primary threat identified is the CVE-2025-30406 vulnerability in Gladinet CentreStack, which involves a hard-coded cryptographic key used for ViewState integrity verification. This flaw allows attackers to execute remote code by forging ViewState payloads for server-side deserialization. The potential impact includes unauthorized access and control over affected systems, with significant implications for data integrity and confidentiality.

Exploitation of this vulnerability has been confirmed in the wild, with reports indicating its use as a zero-day attack in March 2025. While specific details about the threat actors and targets are not available, the widespread use of Gladinet CentreStack across various industries increases the risk of exploitation. Organizations relying on this platform should prioritize patching to prevent potential breaches.



Client Impact



Clients using Gladinet CentreStack may face operational disruptions if their systems are compromised through this vulnerability. The risk of data breaches or loss is significant, as attackers could gain unauthorized access to sensitive information. Financial consequences could arise from both direct losses and potential regulatory fines due to non-compliance with data protection standards.

The relevance of this threat extends across industries that utilize Gladinet CentreStack for file sharing and collaboration. Organizations must assess their exposure and take immediate action to mitigate risks. From a compliance perspective, failure to address this vulnerability could lead to audits or penalties under regulations such as GDPR or CCPA, emphasizing the need for prompt remediation.

Mitigations



To mitigate the risks associated with CVE-2025-30406, clients are advised to take the following actions:

  1. Update Gladinet CentreStack to version 16.4.10315.56368 or later to address the vulnerability.
  2. If immediate patching is not feasible, rotate the machineKey value in the IIS web.config file as a temporary measure.
  3. Conduct a thorough review of system logs for any signs of unauthorized access or unusual activity.
  4. Implement network segmentation to limit potential lateral movement by attackers.
  5. Educate staff on recognizing phishing attempts that may exploit this vulnerability as an entry point.

These steps aim to reduce the likelihood of exploitation and minimize potential impacts on operations and data security. Clients should also consider engaging with cybersecurity professionals for further assessment and tailored advice.
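As an added example (not code from Gladinet or from this advisory), the Python below supports step 2: it inspects collected web.config files for a statically configured machineKey, reports only a fingerprint of each key, flags keys shared across installations, and produces a rotated copy. The function names and sample configs are hypothetical; the sample key values are constructed placeholders.

```python
import hashlib
import secrets
import xml.etree.ElementTree as ET

KEY_ATTRS = ("validationKey", "decryptionKey")

def static_keys(config_xml):
    """Parse a web.config and return (root, [(element, attr, value), ...])."""
    root = ET.fromstring(config_xml)
    hits = []
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] != "machineKey":  # tolerate an xmlns
            continue
        for attr in KEY_ATTRS:
            value = el.get(attr, "").strip()
            # "AutoGenerate..." means ASP.NET generates the key itself.
            if value and not value.lower().startswith("autogenerate"):
                hits.append((el, attr, value))
    return root, hits

def audit_machine_key(config_xml):
    """Return {attr: fingerprint}; the key itself never reaches the report."""
    return {attr: hashlib.sha256(value.upper().encode()).hexdigest()[:16]
            for _, attr, value in static_keys(config_xml)[1]}

def shared_keys(configs):
    """Map fingerprint -> config names, for keys present in more than one file."""
    seen = {}
    for name, text in configs.items():
        for fp in set(audit_machine_key(text).values()):
            seen.setdefault(fp, []).append(name)
    return {fp: sorted(n) for fp, n in seen.items() if len(n) > 1}

def rotate_machine_key(config_xml):
    """Replace each static key with random hex of the same length."""
    root, hits = static_keys(config_xml)
    for el, attr, value in hits:
        el.set(attr, secrets.token_hex(len(value) // 2).upper())
    # ElementTree drops XML comments: write to a copy and diff before deploying.
    return ET.tostring(root, encoding="unicode")

# Constructed samples; the key values are placeholders, not real keys.
SAMPLE_STATIC = ('<configuration><system.web><machineKey validation="HMACSHA256" '
                 'decryption="AES" validationKey="%s" decryptionKey="%s"/>'
                 '</system.web></configuration>' % ("0A" * 32, "1B" * 32))
SAMPLE_AUTO = ('<configuration><system.web><machineKey '
               'validationKey="AutoGenerate,IsolateApps" '
               'decryptionKey="AutoGenerate,IsolateApps"/>'
               '</system.web></configuration>')
```

A non-empty result from `shared_keys` across hosts means those installations still accept ViewState signed with the same key, so each one needs its own rotation.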


1898 & Co. Response



1898 & Co. is actively monitoring the situation surrounding the Gladinet CentreStack vulnerability and is prepared to assist clients in mitigating associated risks. Our team offers specialized services to help organizations update their systems and implement necessary security measures promptly.

We are enhancing our existing security protocols to address emerging threats like CVE-2025-30406, ensuring our clients receive up-to-date guidance and support. Our collaborative efforts with industry partners enable us to share threat intelligence and develop effective strategies for risk management.

Ongoing research by our cybersecurity experts focuses on identifying potential vulnerabilities and providing actionable insights to our clients. We are committed to delivering high-quality solutions that align with industry standards and support our clients' security objectives.
