Cyber Security News

CISA Alerts on Active Exploitation of CentreStack Hard-Coded Key Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert highlighting a critical vulnerability in Gladinet CentreStack, a cloud-based enterprise file-sharing platform.

The issue, tracked as CVE-2025-30406, involves the use of a hard-coded cryptographic key that could enable attackers to execute remote code on compromised systems, posing a major security risk to organizations relying on CentreStack for file-sharing operations.

Details of CVE-2025-30406

Gladinet CentreStack contains a vulnerability where hard-coded cryptographic keys are used for managing ViewState integrity verification.

ViewState is a method commonly used in ASP.NET applications to persist the state of a web page or control between server requests.

In this case, the hard-coded key flaw allows attackers to forge ViewState payloads for server-side deserialization.

Successful exploitation of this issue enables remote code execution, effectively granting attackers unauthorized access to the underlying system.

The vulnerability is classified under the CWE-321 (Use of Hard-coded Cryptographic Key) category, highlighting the flawed design of embedding fixed cryptographic keys in the application’s code.

As of now, it is unknown if this vulnerability is being actively utilized in ransomware campaigns, but the remote code execution risk makes it a potential target for cybercriminals.

CISA’s alert comes amidst growing concerns over vulnerabilities in cloud services that underpin critical business operations.

Enterprises using Gladinet CentreStack for secure file sharing or collaboration are urged to assess their exposure to this vulnerability immediately.

CISA especially recommends following Binding Operational Directive (BOD) 22-01, which guides securing cloud services.

Organizations leveraging CentreStack are advised to follow the mitigations suggested by the software vendor or consider discontinuing the use of the product if mitigations are unavailable. CISA’s key recommendations include:

  1. Apply Vendor-Provided Patches or Updates: Gladinet has likely provided critical updates or instructions to address CVE-2025-30406. Administrators should ensure they implement these fixes without delay.
  2. Follow BOD 22-01 Guidelines: Ensure that your cloud services comply with CISA’s recommendations for enhanced security. This directive focuses on reducing exposure to threats targeting cloud infrastructure.
  3. Evaluate Temporary Measures: If no immediate patch is available, consider disabling CentreStack services until mitigation strategies are confirmed.
  4. Monitor for Unusual Activity: Check for signs of attempted exploitation, such as unauthorized access patterns or tampering with critical data.

This alert underscores the urgency of addressing vulnerabilities in third-party applications that power essential business functions.

Organizations are encouraged to adopt proactive security measures and keep communication channels open with their IT teams and vendors.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Fedora Linux Joins the Windows Subsystem for Linux Officially

Fedora Project has announced the official availability of Fedora Linux on the Windows Subsystem for…

12 minutes ago

Microsoft Launches “Copilot+ PC” for an Upgraded Windows Experience

Microsoft has announced a significant wave of new Windows experiences designed for Copilot+ PCs, which…

16 minutes ago

Nomad Bridge Hacker Apprehended in Connection with $190 Million Heist

Alexander Gurevich, a 47-year-old dual Russian-Israeli citizen, was arrested last Thursday at Ben-Gurion Airport while…

24 minutes ago

160-Year-Old Haulage Firm Falls After Cyber-Attack: Director Issues Urgent Warning

The 160-year-old haulage giant Knights of Old, once a stalwart of the UK’s logistics sector,…

29 minutes ago

SonicWall Unveils New Firewalls and Comprehensive Managed Cybersecurity Service

SonicWall has unveiled a new line of advanced firewalls and a comprehensive managed cybersecurity service…

34 minutes ago

China-Backed Hackers Target Exiled Uyghur Community with Malicious Software

Senior members of the World Uyghur Congress (WUC) living in exile were targeted with a…

38 minutes ago