CVE-2025-30406

CRITICAL KEV NUCLEI

Gladinet CentreStack < 16.4.10315.56368 Use of Hard-coded Key Leads to Unauthenticated RCE

Title source: nuclei

Description

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability because the CentreStack portal uses a hard-coded ASP.NET machineKey, as exploited in the wild in March 2025. An attacker who knows the machineKey can craft a validly signed serialized payload that the server deserializes, achieving remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.

Exploits (6)

nomisec · WORKING POC · 88 stars
by mchklt · remote
https://github.com/mchklt/CVE-2025-30406

nomisec · WORKING POC · 12 stars
by W01fh4cker · remote
https://github.com/W01fh4cker/CVE-2025-30406

nomisec · WRITEUP
by threadpoolx · remote
https://github.com/threadpoolx/CVE-2025-30406-CentreStack-Triofox-Deserialization-RCE

metasploit · WORKING POC
by Huntress Team · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/gladinet_storage_path_traversal_cve_2025_11371.rb

metasploit · WORKING POC · EXCELLENT
by Huntress Team, H00die Gr3y · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/gladinet_viewstate_deserialization_cve_2025_30406.rb

Nuclei Templates (1)

Gladinet CentreStack < 16.4.10315.56368 Use of Hard-coded Key Leads to Unauthenticated RCE
CRITICAL · VERIFIED · by iamnoooob, rootxharsh, pdresearch
Shodan query: http.favicon.hash:1163764264

Scores

CVSS v3 9.0
EPSS 0.8340
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CISA KEV 2025-04-08
VulnCheck KEV 2025-04-04
ENISA EUVD EUVD-2025-9671
CWE CWE-321, CWE-798
Status published
Products (1)
gladinet/centrestack < 16.4.10315.56368
Published Apr 03, 2025
KEV Added Apr 08, 2025
Tracked Since Feb 18, 2026