CentreStack RCE exploited as zero-day to breach file sharing servers

Summary: A zero-day vulnerability in Gladinet CentreStack’s file-sharing software has been exploited since March 2025, allowing hackers to breach storage servers through a deserialization flaw. The vulnerability, tracked as CVE-2025-30406, affects versions up to 16.1.10296.56315 and is linked to a hardcoded machineKey in the configuration that could be exploited for remote code execution. Users are urged to upgrade to patched versions or rotate the machineKey as an interim measure to mitigate risk.

Affected: Gladinet CentreStack

Key points:

  • Exploitation of CVE-2025-30406 has been observed since March 2025, targeting Gladinet CentreStack’s secure file-sharing platform.
  • The flaw allows attackers to bypass integrity checks and execute remote code due to a hardcoded machineKey vulnerability.
  • Gladinet has released security fixes, and users are urged to upgrade to the latest versions or manually rotate their machineKey.
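A defender-side sketch of the interim mitigation above, added here as an example and not taken from the article or from Gladinet: it checks ASP.NET configuration text for a static `<machineKey>`, groups hosts that share the same key by fingerprint, and builds a replacement element with fresh random keys. The sample configs and host names are constructed, and the HMACSHA256/AES settings in the replacement are an assumption; where the real config files live depends on the installation.

```python
import hashlib
import secrets
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from any real installation).
SAMPLE_HOST_A = """<configuration><system.web>
  <machineKey validationKey="AAAA1111BBBB2222CCCC3333DDDD4444"
              decryptionKey="0123456789ABCDEF0123456789ABCDEF"
              validation="HMACSHA256" decryption="AES" />
</system.web></configuration>"""
SAMPLE_HOST_B = SAMPLE_HOST_A  # second host shipping the same static key
SAMPLE_HOST_C = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" />
</system.web></configuration>"""

def audit_machine_key(config_xml):
    """Return a finding dict for the first <machineKey> element, or None."""
    node = ET.fromstring(config_xml).find(".//machineKey")
    if node is None:
        return None
    vkey = node.get("validationKey", "AutoGenerate")
    dkey = node.get("decryptionKey", "AutoGenerate")
    static = not (vkey.startswith("AutoGenerate") and dkey.startswith("AutoGenerate"))
    # Fingerprint the key material so reports never contain the key itself.
    fp = hashlib.sha256(f"{vkey}|{dkey}".upper().encode()).hexdigest()[:16] if static else None
    return {"static": static, "fingerprint": fp}

def shared_key_hosts(configs):
    """Group host names by key fingerprint; keep groups with more than one host."""
    groups = {}
    for host, xml_text in configs.items():
        finding = audit_machine_key(xml_text)
        if finding and finding["static"]:
            groups.setdefault(finding["fingerprint"], []).append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}

def new_machine_key_element():
    """Build a replacement element with fresh random keys (assumed HMACSHA256 / AES)."""
    validation = secrets.token_hex(64).upper()  # 128 hex characters
    decryption = secrets.token_hex(32).upper()  # 64 hex characters (AES-256)
    return (f'<machineKey validationKey="{validation}" decryptionKey="{decryption}" '
            'validation="HMACSHA256" decryption="AES" />')

if __name__ == "__main__":
    fleet = {"host-a": SAMPLE_HOST_A, "host-b": SAMPLE_HOST_B, "host-c": SAMPLE_HOST_C}
    print(shared_key_hosts(fleet))    # hosts that share one static key
    print(new_machine_key_element())  # per-installation replacement
```

Hosts that appear in the same group carry identical key material, which is the condition the advisory's rotation step is meant to remove.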

Source: https://www.bleepingcomputer.com/news/security/centrestack-rce-exploited-as-zero-day-to-breach-file-sharing-servers/
