Known Exploited Vulnerabilities CVE-2025-30406

Gladinet CentreStack and Triofox contain a use of hard-coded cryptographic key vulnerability in the way the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2025-30406 | Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability | exploitation_technique | T1203 | Exploitation for Client Execution | |
| CVE-2025-30406 | Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | |

Comments (exploitation_technique, T1203)
This vulnerability has been exploited to give threat actors with knowledge of the CentreStack portal's machineKey the ability to craft malicious payloads for remote code execution.

Comments (primary_impact, T1059)
This vulnerability has been exploited to give threat actors with knowledge of the CentreStack portal's machineKey the ability to craft malicious payloads for remote code execution.