CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30406
https://notcve.org/view.php?id=CVE-2025-30406
03 Apr 2025 — Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config. Gladinet CentreStack hasta la versión 16.1.10296.56315 (solucionada en ... • https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-26829
https://notcve.org/view.php?id=CVE-2023-26829
31 Mar 2023 — An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass. • https://www.whiteoaksecurity.com/blog/centrestack-disclosure • CWE-863: Incorrect Authorization •
CVSS: 8.3EPSS: 1%CPEs: 1EXPL: 1CVE-2023-26830
https://notcve.org/view.php?id=CVE-2023-26830
31 Mar 2023 — An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server. • https://www.whiteoaksecurity.com/blog/centrestack-disclosure • CWE-434: Unrestricted Upload of File with Dangerous Type •