
CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

A critical vulnerability (CVE-2025-30406) in Gladinet CentreStack and Triofox software has been discovered and is being actively exploited. The flaw involves hardcoded cryptographic keys in configuration files, allowing attackers to abuse ASPX ViewState for remote code execution. Affected versions include CentreStack below 16.4.10315.56368 and Triofox below 16.4.10317.56372. Exploitation leads to immediate compromise with potential for privilege escalation. Mitigation involves patching or changing machineKey values. Post-exploitation activities include downloading malicious DLLs, lateral movement, and installation of remote access tools like MeshCentral. Immediate action is recommended for vulnerable servers exposed to the internet.
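A triage check for the two conditions the summary names, a build below the fixed version and a machineKey holding a literal key, written as an added example that is not code from Gladinet or from this report. It assumes the machineKey sits in an ASP.NET XML configuration file; the function names and both sample configs are constructed for illustration, and it further assumes that a key shipped with the product would show the same fingerprint on every install.

```python
import hashlib
import xml.etree.ElementTree as ET

# First fixed builds, as stated in the summary above.
FIXED = {"CentreStack": (16, 4, 10315, 56368), "Triofox": (16, 4, 10317, 56372)}

# Constructed sample configs; the key values are placeholders, not real keys.
SHIPPED = """<configuration><system.web>
  <machineKey validationKey="CONSTRUCTED-KEY-A" decryptionKey="CONSTRUCTED-KEY-B" />
</system.web></configuration>"""
ROTATED = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" />
</system.web></configuration>"""

def below_fixed_build(product, version):
    """True when the installed build is older than the first fixed build."""
    return tuple(int(p) for p in version.split(".")) < FIXED[product]

def static_machine_keys(config_xml):
    """Map each machineKey attribute holding a literal key to a fingerprint.

    Values starting with 'AutoGenerate' are generated per server by ASP.NET;
    anything else is a fixed key stored in the file. Only a truncated SHA-256
    is returned, so reports can be compared without exposing the key itself.
    """
    found = {}
    for mk in ET.fromstring(config_xml).iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "")
            if value and not value.startswith("AutoGenerate"):
                found[attr] = hashlib.sha256(value.encode()).hexdigest()[:16]
    return found

def shared_fingerprints(reports):
    """Given {host: static_machine_keys(...)}, return fingerprints seen on
    more than one host: the sign of a key that was never changed per server."""
    seen = {}
    for host, keys in reports.items():
        for fp in keys.values():
            seen.setdefault(fp, []).append(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

if __name__ == "__main__":
    print(below_fixed_build("CentreStack", "16.4.10315.56367"))
    print(static_machine_keys(SHIPPED))
```

A server that is both below the fixed build and reports a fingerprint shared with other hosts is the first candidate for patching or key replacement.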

OPENCTI LABELS :

cobalt strike,remote code execution,privilege escalation,meshcentral,cve-2025-30406,gladinet,hardcoded keys,aspx viewstate,centrestack,triofox



