The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a hard-coded cryptographic key that could be exploited to achieve remote code execution. It has been addressed in version 16.4.10315.56368, released on April 3, 2025.
“Gladinet CentreStack contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification,” according to CISA. “Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution,” says the statement.
Specifically, the weakness stems from the use of a hard-coded “machineKey” in the IIS web.config configuration file, which enables threat actors who have knowledge of the “machineKey” to serialize a payload for server-side deserialization and thereby achieve remote code execution.
There are currently no details on how the vulnerability is being exploited, who the threat actors exploiting it are, or who might be the targets of these attacks. That said, a CVE description of the security flaw states that CVE-2025-30406 was exploited in the wild in March 2025, meaning it was used as a zero-day.
In an advisory, Gladinet also said that “exploitation has been observed in the wild,” urging customers to apply the fixes as soon as possible. If immediate patching is not an option, it is advised to rotate the machineKey value as a temporary mitigation.
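
The hard-coded machineKey weakness and the rotation mitigation described above can be checked across a set of servers with a small audit script. The following is an added example, not code from Gladinet or CISA: it flags web.config files that pin a static machineKey, reports keys that are identical on more than one host, and generates fresh key material for rotation. The host names, sample configs and key values are constructed placeholders, and the 64-byte and 32-byte key sizes are an assumption.

```python
import hashlib
import secrets
import xml.etree.ElementTree as ET

# Constructed web.config samples; key values are placeholders, not real keys.
SHIPPED = ('<configuration><system.web><machineKey validation="HMACSHA256" '
           'decryption="AES" validationKey="{v}" decryptionKey="{d}"/>'
           '</system.web></configuration>').format(v="AB" * 64, d="CD" * 32)
AUTOGEN = ('<configuration><system.web><machineKey '
           'validationKey="AutoGenerate,IsolateApps" '
           'decryptionKey="AutoGenerate,IsolateApps"/></system.web></configuration>')
FLEET = {"host-a": SHIPPED, "host-b": SHIPPED, "host-c": AUTOGEN}


def audit_machine_key(xml_text):
    """Report, per key attribute, whether a web.config pins a static key."""
    findings = []
    for mk in ET.fromstring(xml_text).iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "AutoGenerate")  # absent attribute = ASP.NET default
            static = not value.upper().startswith("AUTOGENERATE")
            # Fingerprint instead of the key itself, so reports never leak key material.
            fp = hashlib.sha256(value.upper().encode()).hexdigest()[:16] if static else None
            findings.append({"attr": attr, "static": static, "fingerprint": fp})
    return findings


def shared_keys(configs):
    """Return {(attr, fingerprint): [hosts]} for static keys seen on 2+ hosts."""
    seen = {}
    for host, xml_text in configs.items():
        for f in audit_machine_key(xml_text):
            if f["static"]:
                seen.setdefault((f["attr"], f["fingerprint"]), set()).add(host)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def new_machine_key():
    """Fresh random key material for rotation (assumed sizes: 64 and 32 bytes)."""
    return {"validationKey": secrets.token_hex(64).upper(),
            "decryptionKey": secrets.token_hex(32).upper()}


if __name__ == "__main__":
    for (attr, fp), hosts in shared_keys(FLEET).items():
        print(f"{attr} {fp} is identical on {hosts}: rotate it")
    print(new_machine_key())
```

A static key whose fingerprint is identical on unrelated installations is the condition to look for, since anyone who learns that key once can produce ViewState that every one of those servers will accept.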