VYPR
Unrated severityCISA KEVNVD Advisory· Published Apr 3, 2025· Updated Oct 21, 2025

CVE-2025-30406

CVE-2025-30406

Description

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.

Affected products

2
  • Gladinet/CentreStackllm-fuzzy2 versions
    <=16.1.10296.56315+ 1 more
    • (no CPE)range: <=16.1.10296.56315
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.