Vulnerability in Gladinet Software Exposed: Hackers Run Wild!
Security researchers warn that the Gladinet CentreStack vulnerability, CVE-2025-30406, is being actively exploited, letting hackers crash the party with remote code execution. With a CVSS score of 9/10, the flaw stems from default cryptographic keys, and the risk of server compromise is severe, despite the relatively small number of exposed servers.

Hot Take:
In the latest episode of “Oops, I Did It Again: Software Edition,” CentreStack and Triofox have decided that hard-coded cryptographic keys are the new little black dress—timeless and accessible to everyone! But while the fashion world may applaud, the cybersecurity realm is throwing tomatoes, as this misstep leaves servers as exposed as a sunbather on a public beach. Maybe next time, they’ll remember that ‘default’ is just a fancy word for ‘please hack me.’

Key Points:
- CVE-2025-30406 is the star of the show with a 9/10 CVSS severity score.
- Hard-coded cryptographic keys in CentreStack and Triofox are the culprits.
- Exploits bypass ASPX ViewState protections, potentially leading to full system control.
- Huntress’ custom-built detector identified the exploit through suspicious PowerShell activity.
- Patches are now available, and like a good SPF, they’re essential for protection.
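
An added example, not from the original article or from Gladinet or Huntress: ASP.NET keys ViewState integrity with the `machineKey` element in `web.config`, so this Python audit flags configs that carry literal keys and shows which hosts share the same one. The host paths and key values are constructed, and the assumption is that each deployment keeps its keys in `web.config`.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

def web_config(validation_key, decryption_key):
    """Build a constructed web.config body for the samples below."""
    return ('<configuration><system.web><machineKey '
            f'validationKey="{validation_key}" decryptionKey="{decryption_key}" '
            'validation="HMACSHA256" decryption="AES"/></system.web></configuration>')

# Constructed sample data: dummy keys and made-up paths, not real product files.
SAMPLE_CONFIGS = {
    "hostA/web.config": web_config("AA11" * 16, "BB22" * 8),
    "hostB/web.config": web_config("AA11" * 16, "BB22" * 8),  # same literal keys as hostA
    "hostC/web.config": web_config("CC33" * 16, "DD44" * 8),  # literal but unique
    "hostD/web.config": web_config("AutoGenerate,IsolateApps", "AutoGenerate,IsolateApps"),
    "hostE/web.config": "<configuration><system.web/></configuration>",  # no machineKey
}

def is_static_key(value):
    """True when the attribute holds a literal key instead of AutoGenerate."""
    return bool(value.strip()) and not value.strip().lower().startswith("autogenerate")

def fingerprint(value):
    """Short SHA-256 tag so keys can be compared without printing them."""
    return hashlib.sha256(value.strip().upper().encode()).hexdigest()[:12]

def audit_machine_keys(configs):
    """Map each config holding literal keys to those attributes and to configs sharing them."""
    static = defaultdict(set)   # path -> attribute names with literal keys
    owners = defaultdict(set)   # (attribute, key fingerprint) -> paths using it
    for path, text in configs.items():
        for mk in ET.fromstring(text).iter("machineKey"):
            for attr in ("validationKey", "decryptionKey"):
                value = mk.get(attr, "")
                if is_static_key(value):
                    static[path].add(attr)
                    owners[(attr, fingerprint(value))].add(path)
    report = {}
    for path, attrs in static.items():
        shared = set()
        for paths in owners.values():
            if path in paths:
                shared |= paths - {path}
        report[path] = {"static": sorted(attrs), "shared_with": sorted(shared)}
    return report

if __name__ == "__main__":
    for path, info in audit_machine_keys(SAMPLE_CONFIGS).items():
        print(path, info)
```

A non-empty `shared_with` list means the same key material protects ViewState on more than one server, which is the condition that makes a default or hard-coded key dangerous.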