The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw affecting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a case of a hard-coded cryptographic key that can be abused to achieve remote code execution. It was addressed in version 16.4.10315.56368, released on April 3, 2025.
“Gladinet CentreStack contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for integrity verification,” CISA said. “Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution.”
Specifically, the shortcoming is rooted in the use of a hard-coded “machineKey” in the IIS web.config file, which enables threat actors who know the “machineKey” to serialize a payload for subsequent server-side deserialization in order to achieve remote code execution.
There are currently no details on how the vulnerability is being exploited, the identity of the threat actors exploiting it, or who the targets of these attacks may be. That said, a description of the security defect on CVE.org states that CVE-2025-30406 was exploited in the wild in March 2025, indicating its use as a zero-day.
Gladinet, in an advisory, has also acknowledged that “exploitation has been observed in the wild,” urging customers to apply the fixes as soon as possible. If immediate patching is not an option, it is advised to rotate the machineKey value as a temporary mitigation.
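
To check whether a fleet still carries a shared, hard-coded machineKey after patching or rotation, the following added example (not code from Gladinet or CISA) parses web.config contents and reports key values that appear on more than one host. The host names, key values and configuration snippets are constructed for illustration; keys are reported only as truncated SHA-256 fingerprints so the audit output does not disclose them.

```python
import hashlib
import xml.etree.ElementTree as ET

KEY_ATTRS = ("validationKey", "decryptionKey")


def machine_key_findings(config_xml):
    """Return {attribute: fingerprint} for each literal key on a <machineKey> element."""
    findings = {}
    for element in ET.fromstring(config_xml).iter("machineKey"):
        for attr in KEY_ATTRS:
            value = (element.get(attr) or "").strip()
            # "AutoGenerate[,IsolateApps]" means ASP.NET derives the key at runtime,
            # so there is no literal key in the file to compare.
            if value and not value.lower().startswith("autogenerate"):
                digest = hashlib.sha256(value.upper().encode()).hexdigest()
                findings[attr] = digest[:16]
    return findings


def shared_keys(configs):
    """Map (attribute, fingerprint) -> hosts, for keys present on more than one host."""
    seen = {}
    for host, xml_text in configs.items():
        for attr, fingerprint in machine_key_findings(xml_text).items():
            seen.setdefault((attr, fingerprint), set()).add(host)
    return {key: sorted(hosts) for key, hosts in seen.items() if len(hosts) > 1}


def _config(validation, decryption):
    # Constructed sample web.config, not taken from a real CentreStack install.
    return (
        "<configuration><system.web>"
        f'<machineKey validationKey="{validation}" decryptionKey="{decryption}" />'
        "</system.web></configuration>"
    )


SAMPLES = {  # constructed hosts and placeholder key material
    "host-a": _config("AA" * 32, "BB" * 16),  # same literal key as host-b
    "host-b": _config("AA" * 32, "BB" * 16),
    "host-c": _config("C1" * 32, "D2" * 16),  # rotated to a unique value
    "host-d": _config("AutoGenerate,IsolateApps", "AutoGenerate,IsolateApps"),
}

if __name__ == "__main__":
    for (attr, fingerprint), hosts in shared_keys(SAMPLES).items():
        print(f"{attr} {fingerprint} is shared by {', '.join(hosts)}")
```

Any host listed in the output uses key material that also exists elsewhere and should have its machineKey rotated to a freshly generated value.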