KEVIntel
CVSS 9.0 Critical

CVE-2025-30406

PUBLISHED

Exploited in the wild · PoC available · Remote · No user interaction

Vendor: Gladinet
Product: CentreStack
Published: Apr 03, 2025
EPSS

Description

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability caused by the CentreStack portal's use of a hardcoded ASP.NET machineKey; it was exploited in the wild in March 2025. ASP.NET uses the machineKey to sign (and optionally encrypt) ViewState, so a threat actor who knows the key can craft a serialized payload that passes validation and is deserialized server-side, achieving remote code execution without authentication or user interaction. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
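The precondition for this bug class is an explicit, vendor-shipped machineKey that is identical on every install. The following Python script is an added example (not part of the KEVIntel page and not Gladinet's code): it audits an ASP.NET web.config for a static machineKey, fingerprints the key so identical keys across a fleet of hosts can be spotted, and produces a remediated copy with the element deleted, which is the manual mitigation named in the description. The sample web.config documents, host names and hex key values are constructed for illustration and do not reproduce any real product key.

```python
import hashlib
import xml.etree.ElementTree as ET

AUTO = "AutoGenerate"  # ASP.NET default when no explicit key is configured

# Constructed sample web.config with a static key (placeholder hex, not a real key).
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <compilation targetFramework="4.8" />
    <machineKey validationKey="0011223344556677889900AABBCCDDEEFF0011223344556677889900AABBCCDDEEFF"
                decryptionKey="FFEEDDCCBBAA99887766554433221100"
                validation="SHA1" decryption="AES" />
    <httpRuntime targetFramework="4.8" />
  </system.web>
</configuration>
"""

# Constructed sample with per-server auto-generated keys (the safe shape).
SAFE_WEB_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>
"""


def audit_machine_key(config_xml: str) -> dict:
    """Describe the <machineKey> element of a web.config.

    present     - a <machineKey> element exists
    static_keys - validationKey or decryptionKey is an explicit value, not AutoGenerate
    fingerprint - short SHA-256 of the static key material, for cross-host comparison
    findings    - human-readable issues
    """
    root = ET.fromstring(config_xml)
    mk = root.find("./system.web/machineKey")
    result = {"present": mk is not None, "static_keys": False,
              "fingerprint": None, "findings": []}
    if mk is None:
        return result
    vk = mk.get("validationKey", AUTO)
    dk = mk.get("decryptionKey", AUTO)
    if not vk.startswith(AUTO) or not dk.startswith(AUTO):
        result["static_keys"] = True
        # Hash rather than log the key itself: the audit output should not leak it.
        result["fingerprint"] = hashlib.sha256(f"{vk}:{dk}".encode()).hexdigest()[:16]
        result["findings"].append(
            "explicit validationKey/decryptionKey: anyone who knows them can forge signed ViewState")
    if mk.get("validation", "").upper() in ("MD5", "SHA1"):
        result["findings"].append(
            f"weak validation algorithm {mk.get('validation')}; prefer HMACSHA256")
    return result


def shared_keys(configs: dict) -> dict:
    """Map fingerprint -> list of hosts whose configs carry the same static key.

    A key that is identical on unrelated installs is by definition hardcoded
    (shipped by the vendor) rather than generated per server.
    """
    by_fp = {}
    for host, xml in configs.items():
        audit = audit_machine_key(xml)
        if audit["static_keys"]:
            by_fp.setdefault(audit["fingerprint"], []).append(host)
    return {fp: hosts for fp, hosts in by_fp.items() if len(hosts) > 1}


def remove_machine_key(config_xml: str) -> str:
    """Return the config with <machineKey> deleted (the advisory's manual mitigation).

    With no element present ASP.NET falls back to AutoGenerate, i.e. per-server keys.
    Caveat: in a web farm the nodes then stop sharing a key, so ViewState and auth
    tickets issued by one node are rejected by the others; there, replace the element
    with a freshly generated random key shared by the farm instead of deleting it.
    """
    root = ET.fromstring(config_xml)
    sysweb = root.find("system.web")
    mk = sysweb.find("machineKey") if sysweb is not None else None
    if mk is not None:
        sysweb.remove(mk)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Hypothetical fleet: two hosts shipped with the same static key, one safe host.
    fleet = {"portal-a": SAMPLE_WEB_CONFIG, "portal-b": SAMPLE_WEB_CONFIG,
             "portal-c": SAFE_WEB_CONFIG}
    for host, xml in fleet.items():
        print(host, audit_machine_key(xml))
    print("shared keys:", shared_keys(fleet))
    print(remove_machine_key(SAMPLE_WEB_CONFIG))
```

Run it against the real portal\web.config of each CentreStack host (constructed samples above stand in for those files) and treat any fingerprint that recurs across hosts as the vendor key the advisory describes; re-run the audit after upgrading to confirm the static key is gone.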

Tags: cisa, nuclei_scanner, metasploit

CVSS scores

CVSS v3.1 9.0 Critical

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitation status

Exploited in the wild: recorded 2025-04-08 00:00:00 UTC

Proof of concept available: recorded 2025-04-24 07:55:22 UTC

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: total

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source: CISA · Added: Apr 08, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

W01fh4cker/CVE-2025-30406 (github · created 2025-04-24 07:55:22 UTC · 8 stars)

Exploit for CVE-2025-30406

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Detected by Metasploit