Gladinet has issued security updates for its CentreStack platform in response to a local file inclusion (LFI) vulnerability (CVE-2025-11371) exploited as a zero-day. The flaw allows attackers to access sensitive files, read the Web.config file, and potentially execute remote code using a combination of LFI and deserialization vulnerabilities. #Gladinet #CVE-2025-11371 #CentreStack #Web.config #deserialization
Key points
- The LFI vulnerability in CentreStack was exploited to read the Web.config file and acquire the machine key.
- With the stolen machine key, attackers forged malicious ViewState payloads, leading to remote code execution via CVE-2025-30406.
- Huntress researchers provided a minimal proof-of-concept exploit and detailed technical analysis of the vulnerability.
- Gladinet released a security update in CentreStack version 16.10.10408.56683 to mitigate the vulnerability.
- Administrators are advised to install the update or disable the temp-download handler as a mitigation measure.
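The two defender checks these points suggest, as an added example that is not part of the original article or of Gladinet's or Huntress's code: a version comparison against the fixed build named above, and a scan of IIS W3C log lines for requests to the temp-download handler that name web.config or contain path traversal. The handler path is a placeholder (the article does not give it), and the log lines are constructed.

```python
import re
from typing import Iterable, List, Optional, Tuple
from urllib.parse import parse_qs, unquote

FIXED_VERSION = (16, 10, 10408, 56683)  # CentreStack build carrying the fix
# Assumption: the article only calls it the "temp-download handler"; this path is a
# placeholder, substitute the real handler path from your own deployment.
TEMP_DOWNLOAD_HANDLER = "/temp_download_handler_placeholder"
TRAVERSAL = re.compile(r"\.\./")

def is_patched(version: str) -> bool:
    """True when a dotted CentreStack version string is at or above the fixed build."""
    return tuple(int(p) for p in version.split(".")) >= FIXED_VERSION

def classify_request(stem: str, query: str) -> Optional[str]:
    """Label a handler request that names web.config or walks out of its directory."""
    if stem.lower() != TEMP_DOWNLOAD_HANDLER:
        return None
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for raw in values:
            # parse_qs decoded once; two more rounds catch %252e-style double
            # encoding, and normalising backslashes makes ..\ count as traversal.
            value = unquote(unquote(raw)).replace("\\", "/").lower()
            if "web.config" in value:
                return f"web.config requested via parameter '{name}'"
            if TRAVERSAL.search(value):
                return f"path traversal in parameter '{name}'"
    return None

def scan_w3c_log(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Scan W3C IIS lines (date time method uri-stem uri-query status); return (line no, finding)."""
    findings = []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if line.startswith("#") or len(fields) < 6:
            continue
        stem, query = fields[3], fields[4]
        finding = classify_request(stem, "" if query == "-" else query)
        if finding:
            findings.append((number, finding))
    return findings

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    "2025-10-10 09:00:01 GET /portal/index.html - 200",
    "2025-10-10 09:00:02 GET /temp_download_handler_placeholder path=report.pdf 200",
    "2025-10-10 09:00:03 GET /temp_download_handler_placeholder path=../../Web.config 200",
    "2025-10-10 09:00:04 GET /temp_download_handler_placeholder path=%252e%252e%255c%252e%252e%255cbin 200",
]
```

Running `scan_w3c_log(SAMPLE_LOG)` flags lines 3 and 4 only; a hit on an unpatched host (`is_patched` returning False) is the signal to treat the machine key in Web.config as compromised and rotate it after updating.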