CVE-2025-30406 · CRITICAL 9.8 · CISA KEV · EPSS p99.8%

CVE-2025-30406: Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability

Gladinet / CentreStack

Description

Gladinet CentreStack and Triofox contain a use of hard-coded cryptographic key vulnerability in the way the application manages the keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, enabling remote code execution.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 92.29% probability of exploitation · percentile 99.8% · 2026-06-15T12:03:41Z
Published: 2025-04-03
Last modified: 2025-11-05

CISA KEV entry

Added to KEV: 2025-04-08

Underlying weaknesses · 2

CWE-321, CWE-798

References

  1. https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf
  2. https://www.centrestack.com/p/gce_latest_release.html
  3. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30406

2

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Use of Hard-coded Cryptographic Key (cwe-321) | 0% | live |
| Weakness | Use of Hard-coded Credentials (cwe-798) | 0% | live |

(incoming) 1

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| KEVEntry | Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability (kev-cve-2025-30406) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
  2. CVE: Gladinet Triofox Improper Access Control Vulnerability
  3. CVE: Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability
  4. CVE: CVE-2026-5426
  5. CVE: CVE-2025-56577
  6. CVE: CVE-2026-31986

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.