Security News > 2025 > April > CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks
2025-04-09 08:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a case of a hard-coded cryptographic key that could be abused to achieve remote
News URL
https://thehackernews.com/2025/04/cisa-warns-of-centrestacks-hard-coded.html
Related news
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- CISA flags Craft CMS code injection flaw as exploited in attacks (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-03 | CVE-2025-30406 | Use of Hard-coded Credentials vulnerability in Gladinet Centrestack 13.5.9808 Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. | 9.8 |