Overview
Gladinet CentreStack contains a critical server-side deserialization vulnerability caused by a hardcoded ASP.NET machineKey in the portal application. A remote, unauthenticated attacker who knows the machineKey can sign a malicious ViewState payload that the server accepts and deserializes, achieving remote code execution (RCE). The vulnerability affects CentreStack through version 16.1.10296.56315. It was disclosed on April 3, 2025. CISA has identified CVE-2025-30406 as exploited in the wild; it is not currently known to be used in ransomware campaigns.
Technical details
Gladinet CentreStack contains a server-side deserialization vulnerability stemming from a hardcoded machineKey in the portal application's web.config. The machineKey (its validationKey and decryptionKey) is the secret ASP.NET uses to MAC-protect and, optionally, encrypt ViewState and other per-request state such as forms-authentication tickets. ASP.NET only deserializes a submitted __VIEWSTATE value after its MAC verifies, so the secrecy of the validationKey is the sole control standing between an unauthenticated POST and ObjectStateFormatter deserialization. When the key is hardcoded and shipped identically to every installation, anyone who has read the key can generate a serialized .NET gadget chain (for example with a ViewState-generating tool) and sign it exactly as the server would, for the specific target page. The MAC check passes, the server deserializes the attacker's object graph, and the gadget chain executes during deserialization. No valid account is required, because the portal's pre-authentication pages already accept ViewState.
The vulnerability is classified as CWE-502 (Deserialization of Untrusted Data), CWE-798 (Use of Hardcoded Credentials) and CWE-327 (Use of a Broken or Risky Cryptographic Algorithm).
The vulnerability received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, reflecting its critical nature. Note that, as written, a vector with S:C and all other metrics at their worst computes to 10.0 under the CVSS v3.1 formula; a 9.8 corresponds to the same vector with S:U.
Impact
An attacker with knowledge of the hardcoded machineKey can craft malicious serialized .NET objects, sign them with that key, and submit them to the CentreStack portal as ViewState. Upon deserialization, these objects execute arbitrary code with the privileges of the account under which the portal's IIS worker process runs. This leads to complete compromise of the affected server, including data theft (the portal fronts file-sharing data), system modification, denial of service, lateral movement within the network, and potential deployment of malware or ransomware.
Mitigation and workarounds
Upgrade to the fixed build Gladinet released for this issue (the NVD entry for CVE-2025-30406 lists 16.4.10315.56368 as the first fixed version) or later. Administrators should download the release from the Gladinet portal, back up the current configuration, and follow the standard upgrade procedure. After upgrading, restart the CentreStack services and IIS, and confirm that the portal's web.config no longer carries the shared hardcoded machineKey: the fix should leave each installation with its own unique key, and if there is any doubt the key should be rotated anyway. Patching does not undo a prior compromise, so servers that were exposed before the update should also be checked for web shells, unexpected scheduled tasks and new local accounts.
As temporary workarounds:
- Rotate the machineKey. Replace the validationKey and decryptionKey in the portal's web.config with freshly generated random values (the interim mitigation Gladinet published) and restart IIS. Payloads signed with the leaked key then fail MAC validation and never reach the deserializer. Keep the new key out of any shared image or template.
- Restrict network access to the CentreStack portal to trusted IP addresses using firewall rules or network segmentation, which limits who can attempt exploitation.
- Apply rate limiting and request filtering in front of the portal to block unusually large or malformed __VIEWSTATE values and other suspicious request patterns.
- Disable features or endpoints in the portal that are not required for operations, reducing the attack surface.
- Monitor CentreStack and Windows logs for signs of exploitation: ASP.NET "Viewstate verification failed" events (which is what exploitation attempts with the old key look like after a key rotation), child processes spawned by the IIS worker process such as cmd.exe or powershell.exe, and abnormal outbound connections from the server.
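The following is an added example, not CentreStack code and not the actual leaked key, that models why the hardcoded key is the whole problem and why rotating it works as an interim fix: ASP.NET accepts a __VIEWSTATE value for deserialization only if its HMAC verifies under the validationKey, so an attacker holding the key can sign any payload, while a rotated key makes the same payload fail before it reaches the deserializer. The key bytes, page path and "gadget" bytes below are constructed placeholders, and the MAC construction is a simplified stand-in for ASP.NET's (which also binds the MAC to the target page, modelled here by a page modifier).

```python
import hashlib
import hmac
import secrets

# Simplified model of how ASP.NET gates ViewState deserialization behind a
# keyed MAC. Constructed for illustration: this is not the CentreStack code
# and not its real machineKey value.
HARDCODED_VALIDATION_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff" * 4  # constructed 64-byte stand-in
)

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes, as for HMACSHA256


def _mac(validation_key: bytes, payload: bytes, page_modifier: bytes) -> bytes:
    # ASP.NET mixes a page-specific value (in practice derived from the page
    # path, which is what __VIEWSTATEGENERATOR encodes) into the MAC. That is
    # why forgery tools also need the target path, not just the key.
    return hmac.new(validation_key, payload + page_modifier, hashlib.sha256).digest()


def sign_viewstate(payload: bytes, validation_key: bytes, page_modifier: bytes) -> bytes:
    """What the server does when rendering a page: payload || HMAC(payload)."""
    return payload + _mac(validation_key, payload, page_modifier)


def validate_viewstate(blob: bytes, validation_key: bytes, page_modifier: bytes):
    """Server-side check on POST-back.

    Returns the payload that would be handed to ObjectStateFormatter, or None
    if the MAC fails. In real ASP.NET a gadget chain inside the payload runs
    *during* deserialization, so a passing MAC is the last line of defence.
    """
    if len(blob) <= TAG_LEN:
        return None
    payload, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(validation_key, payload, page_modifier)):
        return None
    return payload


def forge_viewstate(gadget_payload: bytes, leaked_key: bytes, page_modifier: bytes) -> bytes:
    """Attacker side: with the hardcoded key and the target page, the attacker
    signs an arbitrary serialized object exactly the way the server would."""
    return sign_viewstate(gadget_payload, leaked_key, page_modifier)


def rotate_machine_key() -> bytes:
    """Interim mitigation: replace the shared key with a fresh random one."""
    return secrets.token_bytes(64)


def scenario() -> dict:
    page = b"/portal/loginpage.aspx"  # constructed path, an assumption
    gadget = b"<serialized .NET object standing in for a gadget chain>"

    forged = forge_viewstate(gadget, HARDCODED_VALIDATION_KEY, page)

    # 1. Unpatched: the server still uses the hardcoded key, so the MAC passes
    #    and the attacker's payload reaches the deserializer.
    before = validate_viewstate(forged, HARDCODED_VALIDATION_KEY, page)

    # 2. After key rotation: the identical blob now fails the MAC and the
    #    deserializer never runs. This is the "Viewstate verification failed"
    #    event defenders can watch for.
    new_key = rotate_machine_key()
    after = validate_viewstate(forged, new_key, page)

    # 3. Right key but wrong page: also rejected, because the MAC is per-page.
    wrong_page = validate_viewstate(forged, HARDCODED_VALIDATION_KEY, b"/portal/other.aspx")

    return {
        "accepted_with_hardcoded_key": before == gadget,
        "accepted_after_rotation": after is not None,
        "accepted_wrong_page": wrong_page is not None,
    }


if __name__ == "__main__":
    print(scenario())
```

The model leaves out the cryptographic details of ASP.NET's key derivation and the optional ViewState encryption, neither of which changes the outcome: a key that is identical on every installation is, for attack purposes, a public key, and only a per-deployment secret restores the MAC's value.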
CISA recommendation: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional resources
Source: This report was generated by AI

