Use of hard-coded cryptographic key in CentreStack - CVE-2025-30406


Published: April 9, 2025 / Updated: September 24, 2025


Vulnerability identifier: #VU107322
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2025-30406
CWE-ID: CWE-321
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vendor: Gladinet
Affected software:
CentreStack

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists because a hard-coded cryptographic key (the ASP.NET machineKey) is used to protect ViewState data. A remote, unauthenticated attacker can predict the machineKey in use and forge ViewState payloads that pass the integrity check.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the system with the privileges of the Microsoft IIS web server account.

Note: the vulnerability is being actively exploited in the wild.


How to mitigate CVE-2025-30406

Install updates from the vendor's website.
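As an added example (not part of this advisory and not CentreStack's own code), the following Python audits an ASP.NET web.config for the pattern CWE-321 describes, a machineKey stored as literal key material, and builds a replacement element with fresh random keys. It assumes the application keeps its machineKey in the standard `<system.web><machineKey>` element; the sample config and its key values are constructed placeholders, not the real CentreStack key.

```python
import secrets
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

# Constructed sample web.config with a literal machineKey (placeholder values,
# not CentreStack's real key): the configuration pattern CWE-321 describes.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>
"""

def find_machine_key(config_xml: str) -> Optional[Dict[str, str]]:
    """Return the attributes of the first <machineKey> element, or None if ASP.NET defaults apply."""
    node = next(ET.fromstring(config_xml).iter("machineKey"), None)
    return dict(node.attrib) if node is not None else None

def audit_machine_key(config_xml: str) -> List[str]:
    """Flag validation/decryption keys stored as literal hex rather than AutoGenerate."""
    # A key shipped inside a product's config is the same on every install, so anyone who
    # reads or guesses it can produce ViewState that passes the MAC check (the CWE-321 case).
    attrs = find_machine_key(config_xml)
    if attrs is None:
        return []  # no element: keys are auto-generated per server and never written to disk
    findings = []
    for name in ("validationKey", "decryptionKey"):
        value = attrs.get(name, "AutoGenerate")
        if not value.startswith("AutoGenerate"):
            findings.append(f"{name}: literal {len(value) // 2}-byte key in config; "
                            "verify it is unique to this install, not a shipped default")
    return findings

def new_machine_key_element() -> str:
    """Build a replacement <machineKey> with fresh CSPRNG keys: 64-byte HMACSHA256, 32-byte AES."""
    return (
        f'<machineKey validationKey="{secrets.token_hex(64).upper()}" '
        f'decryptionKey="{secrets.token_hex(32).upper()}" '
        'validation="HMACSHA256" decryption="AES" />'
    )

if __name__ == "__main__":
    for finding in audit_machine_key(SAMPLE_WEB_CONFIG):
        print("FINDING:", finding)
    print("Replacement element:", new_machine_key_element())
```

Rotating the machineKey invalidates outstanding ViewState and forms-authentication tickets, and every node in a web farm must receive the same new values. This complements the vendor update; it does not replace it.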
