Latest Cyber Security News

You are here: Home / General Cyber Security News / CISA Warns of CentreStack’s Hard-Coded MachineKey Vulnerability Enabling RCE Attacks
April 9, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a case of a hard-coded cryptographic key that could be abused to achieve remote code execution. It has been addressed in version 16.4.10315.56368 released on April 3, 2025.

“Gladinet CentreStack contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification,” CISA said. “Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution.”

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Cybersecurity

Specifically, the shortcoming is rooted in the use of a hard-code “machineKey” in the IIS web.config file, which enables threat actors with knowledge of “machineKey” to serialize a payload for subsequent server-side deserialization in order to achieve remote code execution.

CentreStack

There are currently no details on how the vulnerability is being exploited, the identity of the threat actors exploiting it, and who may be the targets of these attacks. That said, a description of the security defect on CVE.org states that CVE-2025-30406 was exploited in the wild in March 2025, indicating its use as a zero-day.

Gladinet, in an advisory, has also acknowledged that “exploitation has been observed in the wild,” urging customers to apply the fixes as soon as possible. If immediate patching is not an option, it’s advised to rotate the machineKey value as a temporary mitigation.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *