Gladinet CentreStack < 16.4.10315.56368 Hard-coded Cryptographic Key

critical Nessus Plugin ID 241071

Synopsis

An application running on the remote web server is affected by a hard-coded cryptographic key vulnerability.

Description

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability caused by the CentreStack portal's use of a hardcoded machineKey, exploited in the wild in March 2025. A threat actor who knows the machineKey can serialize a payload that the server deserializes, achieving remote code execution.
NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
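The two facts the description gives a defender to act on are the fixed build number and the presence of a machineKey element in portal\web.config. The script below is an added example, not Tenable's plugin code or Gladinet's: it performs a numeric version comparison against the fixed build (as the plugin relies on the self-reported version) and parses a web.config to report whether a machineKey element is still present, with key material redacted so the result is safe to log. The sample web.config fragments and the assess() helper are constructed for illustration.

```python
"""Defender-side exposure check for CVE-2025-30406 (added example, not the Nessus plugin)."""
import xml.etree.ElementTree as ET

FIXED_VERSION = "16.4.10315.56368"  # fixed build named in the advisory

# Constructed sample fragments of an ASP.NET web.config; the key values are placeholders.
SAMPLE_WEB_CONFIG_WITH_KEY = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="PLACEHOLDER_NOT_A_REAL_KEY"
                decryptionKey="PLACEHOLDER_NOT_A_REAL_KEY"
                validation="SHA1" decryption="AES" />
    <compilation debug="false" />
  </system.web>
</configuration>
"""

SAMPLE_WEB_CONFIG_NO_KEY = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="false" />
  </system.web>
</configuration>
"""


def parse_version(version: str) -> tuple:
    """Split a dotted build string into integers so '16.10' sorts after '16.4' (lexical compare would not)."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable_version(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the self-reported build is older than the fixed build."""
    return parse_version(installed) < parse_version(fixed)


def find_machine_key(web_config_xml: str):
    """Return the attributes of <configuration>/<system.web>/<machineKey>, or None if absent.

    validationKey and decryptionKey values are replaced with '<redacted>' so the
    output can go into a ticket or log without copying secret material.
    """
    root = ET.fromstring(web_config_xml)
    node = root.find("system.web/machineKey")
    if node is None:
        return None
    secret_attrs = {"validationkey", "decryptionkey"}
    return {
        name: ("<redacted>" if name.lower() in secret_attrs else value)
        for name, value in node.attrib.items()
    }


def assess(installed_version: str, web_config_xml: str) -> dict:
    """Combine both checks into one finding; a hypothetical helper, not a Nessus API."""
    key = find_machine_key(web_config_xml)
    vulnerable = is_vulnerable_version(installed_version)
    return {
        "installed_version": installed_version,
        "vulnerable_version": vulnerable,
        "machine_key_present": key is not None,
        "machine_key": key,
        # Upgrade is the fix; removing the static machineKey is the advisory's interim mitigation.
        "action": ("upgrade to %s" % FIXED_VERSION) if vulnerable else "none required",
    }


if __name__ == "__main__":
    # Constructed scenario: the last vulnerable build with the key still in web.config.
    print(assess("16.1.10296.56315", SAMPLE_WEB_CONFIG_WITH_KEY))
    print(assess("16.4.10315.56368", SAMPLE_WEB_CONFIG_NO_KEY))
```

On a real host, read portal\web.config from the CentreStack installation directory and pass its contents to find_machine_key(); the version string comes from whatever the portal self-reports, which is the same signal the plugin uses.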

Solution

Upgrade Gladinet CentreStack according to the vendor advisory.

See Also

http://www.nessus.org/u?ad259e62

Plugin Details

Severity: Critical

ID: 241071

File Name: gladinet_centrestack_cve-2025-30406.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 7/1/2025

Updated: 7/2/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-30406

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:gladinet:centrestack

Required KB Items: installed_sw/Gladinet CentreStack

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/3/2025

Vulnerability Publication Date: 4/3/2025

CISA Known Exploited Vulnerability Due Dates: 4/29/2025

Exploitable With

Metasploit (Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization)

Reference Information

CVE: CVE-2025-30406