12 matches found
Gladinet CentreStack/Triofox Path Traversal
This module exploits a path traversal vulnerability CVE-2025-11371 in Gladinet CentreStack and Triofox that allows an unauthenticated attacker to read arbitrary files from the server's file system. The vulnerability exists in the /storage/t.dn endpoint which does not properly sanitize the s...
Exploit for Use of Hard-coded Credentials in Gladinet Centrestack
CVE-2025-14611 CentreStack and Triofox full Poc/Exploit Su...
Exploit for Use of Hard-coded Cryptographic Key in Gladinet Centrestack
CVE-2025-30406 ViewState Exploit PoC Overview This is a Pr...
Gladinet's Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability
A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 CVSS score: 9.0, the vulnerability refers to the use of a hard-cod...
CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-30406 CVSS score:...
CVE-2025-30406
Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...
CVE-2025-30406
Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...
CVE-2025-30406
creationtimestamp| type| source ---|---|--- 2025-04-03 19:35:34+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/10326 2025-04-03 21:06:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3llwsmf36672w 2025-04-03 23:36:28+00:00| seen| https://t.me/cvedetector/22026 2025-04-04...
CVE-2025-30406
Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...
CVE-2025-30406
Summary (mode C): Gladinet CentreStack and Triofox are affected by a hard-coded machineKey in web.config that enables ViewState deserialization attacks (CVE-2025-30406). The flaw allows an unauthenticated attacker to forge ViewState payloads, leading to remote code execution and has been exploite...
CVE-2025-30406
Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...
CVE-2025-30406
Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal’s hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...