[Vulnerability] Zero-Day in CentreStack File-Sharing Platform Under Attack

A critical zero-day vulnerability, identified as CVE-2025-30406, has been discovered in Gladinet’s CentreStack, a file-sharing platform widely used by managed service providers (MSPs). This deserialization flaw, stemming from a hardcoded or improperly protected machineKey in the IIS web.config file, compromises the security of ASP.NET ViewState data. If an attacker obtains or guesses this cryptographic key, they can craft malicious ViewState payloads that bypass integrity checks, potentially leading to unauthorized code execution.
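The following added example (not code from Gladinet or the linked article) audits web.config text for machineKey values stored as literals rather than generated by the runtime, and reports static keys that repeat across hosts. The host names, sample configs and key strings are constructed placeholders, and the function names are hypothetical.

```python
import hashlib
import xml.etree.ElementTree as ET

KEY_ATTRS = ("validationKey", "decryptionKey")

def audit_machine_key(config_xml):
    """Return one finding per key attribute of each <machineKey> element."""
    findings = []
    for elem in ET.fromstring(config_xml).iter("machineKey"):
        for attr in KEY_ATTRS:
            value = elem.get(attr, "AutoGenerate").strip()
            # "AutoGenerate[,IsolateApps]" means the runtime creates the key;
            # any other value is a literal key stored in the file.
            static = value.split(",")[0].strip().lower() != "autogenerate"
            # A truncated hash lets hosts be compared without copying the key.
            digest = hashlib.sha256(value.upper().encode()).hexdigest()[:16]
            findings.append({"attribute": attr, "static": static,
                             "fingerprint": digest if static else None})
    return findings

def shared_static_keys(configs):
    """Map (attribute, fingerprint) -> hosts for static keys seen on 2+ hosts."""
    seen = {}
    for host, xml_text in configs.items():
        for f in audit_machine_key(xml_text):
            if f["static"]:
                key = (f["attribute"], f["fingerprint"])
                seen.setdefault(key, set()).add(host)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed sample configs; the key values are made-up placeholders.
STATIC_CFG = """<configuration><system.web>
  <machineKey validationKey="AAAA1111BBBB2222" decryptionKey="CCCC3333DDDD4444"
              validation="HMACSHA256" decryption="AES" />
</system.web></configuration>"""
AUTO_CFG = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate" />
</system.web></configuration>"""

if __name__ == "__main__":
    fleet = {"host-a": STATIC_CFG, "host-b": STATIC_CFG, "host-c": AUTO_CFG}
    for host, cfg in fleet.items():
        print(host, audit_machine_key(cfg))
    print("shared static keys:", shared_static_keys(fleet))
```

A static key that appears on more than one installation is the condition to investigate first, since anyone holding that value can produce ViewState that those servers accept as valid.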

The vulnerability has been actively exploited since March 2025 and was publicly disclosed on April 3. In response, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-30406 to its Known Exploited Vulnerabilities catalog on April 9, requiring federal agencies to apply patches by April 29.

Gladinet has issued a security advisory acknowledging the exploitation and urging users to update their systems promptly. Organizations utilizing CentreStack should prioritize patching to mitigate potential risks associated with this vulnerability.

https://www.darkreading.com/vulnerabilities-threats/zero-day-centrestack-platform-under-attack