Summary: Security researchers at Huntress have reported ongoing attacks exploiting a critical vulnerability, CVE-2025-30406, in Gladinet CentreStack and Triofox. Rated CVSS 9.0, the flaw stems from ASP.NET machineKey values hardcoded in the portal's web.config: because the keys are identical in every installation, an attacker who knows them can sign a malicious ViewState payload that the server accepts and deserializes, yielding remote code execution. Organizations are urged to update to the latest patched version to mitigate this exploit.
Affected: Gladinet CentreStack, Triofox software
Key points:
- The CVE-2025-30406 vulnerability involves hardcoded machineKey values in the web.config file, which enable ViewState deserialization attacks: with the validation key in hand, an attacker can craft a __VIEWSTATE parameter that passes the server's MAC check and is deserialized.
- At least seven organizations have been compromised due to this zero-day exploit, prompting CISA to add the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
- Huntress has released detection tools and urges immediate patching; organizations that cannot update yet should rotate the machineKey values, so that a payload signed with the shipped keys no longer verifies, until they can.
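The check and the interim mitigation above, as an added example that is not Huntress's, Gladinet's or CISA's code: the script audits the <machineKey> element of a web.config, flags keys that match a caller-supplied list of known-compromised values (the real shipped CentreStack/Triofox keys are not reproduced here; the set used below holds a dummy), flags weak MAC or cipher settings and undersized keys, and emits a replacement element with freshly generated keys. The web.config it parses is constructed for the example.

```python
"""Audit an ASP.NET web.config <machineKey> and emit a rotated replacement.

Added illustration, not Gladinet's, Huntress's or CISA's code. The web.config
below is constructed for the example and its key values are dummies; the real
shipped CentreStack/Triofox keys are not reproduced here. Supply them (from the
vendor advisory or other published indicators) via the known_bad set.
"""
import re
import secrets
import xml.etree.ElementTree as ET

# Constructed sample resembling a product-shipped web.config: the same static
# keys in every install, which is the root cause of CVE-2025-30406.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="FEDCBA9876543210FEDCBA9876543210"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>
"""
# Stand-in for the list of known-compromised keys (dummy value, not the vendor's).
SAMPLE_KNOWN_BAD = {"0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"}

HEX = re.compile(r"[0-9A-Fa-f]+")
WEAK_VALIDATION = {"MD5", "SHA1"}      # ViewState MAC algorithms to move off
WEAK_DECRYPTION = {"DES", "3DES"}
MIN_BYTES = {"validationKey": 64, "decryptionKey": 32}  # HMACSHA256 / AES-256 sizes


def audit_machine_key(config_xml: str, known_bad=frozenset()) -> list[tuple[str, str]]:
    """Return (severity, message) findings for <system.web><machineKey>; [] means nothing flagged."""
    mk = ET.fromstring(config_xml).find("./system.web/machineKey")
    findings = []
    if mk is None:
        # No explicit element: ASP.NET auto-generates per-machine keys, so a
        # ViewState signed with keys lifted from another install will not verify.
        return findings
    bad = {k.upper() for k in known_bad}
    for attr, min_bytes in MIN_BYTES.items():
        value = mk.get(attr, "")
        if value.startswith("AutoGenerate"):
            continue                                     # per-machine key, nothing to rotate
        if not HEX.fullmatch(value):
            findings.append(("HIGH", f"{attr}: missing or non-hex value {value!r}"))
            continue
        if value.upper() in bad:
            findings.append(("HIGH", f"{attr}: matches a published compromised key; rotate now"))
        elif len(value) // 2 < min_bytes:
            findings.append(("MEDIUM", f"{attr}: {len(value) // 2} bytes, shorter than {min_bytes}"))
        else:
            # A static key is legitimate for web farms, but only if this deployment
            # generated it; an installer-shipped one is shared with every other install.
            findings.append(("INFO", f"{attr}: static key; confirm it was generated for this host"))
    if mk.get("validation", "").upper() in WEAK_VALIDATION:
        findings.append(("HIGH", f"validation={mk.get('validation')}: use HMACSHA256 or stronger"))
    if mk.get("decryption", "").upper() in WEAK_DECRYPTION:
        findings.append(("HIGH", f"decryption={mk.get('decryption')}: use AES"))
    return findings


def new_machine_key_element() -> ET.Element:
    """Build a fresh <machineKey> with CSPRNG keys (64-byte HMAC key, 32-byte AES key)."""
    return ET.Element("machineKey", {
        "validationKey": secrets.token_hex(64).upper(),
        "decryptionKey": secrets.token_hex(32).upper(),
        "validation": "HMACSHA256",
        "decryption": "AES",
    })


def rotate_machine_key(config_xml: str) -> str:
    """Return config_xml with its <machineKey> replaced (or added) using freshly generated keys."""
    root = ET.fromstring(config_xml)
    system_web = root.find("./system.web")
    if system_web is None:
        system_web = ET.SubElement(root, "system.web")
    for old in system_web.findall("machineKey"):
        system_web.remove(old)
    system_web.append(new_machine_key_element())
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for severity, msg in audit_machine_key(SAMPLE_WEB_CONFIG, SAMPLE_KNOWN_BAD):
        print(f"[{severity}] {msg}")
    print(rotate_machine_key(SAMPLE_WEB_CONFIG))
```

The audit cannot tell a vendor-shipped static key from one you generated yourself except by comparing against the known-bad list, which is why static keys it cannot match are reported as INFO rather than as a finding. Saving a modified web.config restarts the ASP.NET application, and in a load-balanced deployment every node must receive the same new keys or ViewState from one node will fail verification on another.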