Huntress warns of a new wave of attacks targeting Gladinet CentreStack instances to retrieve cryptographic keys and achieve remote code execution.
As part of the attacks, hackers have exploited a new vulnerability in the mobile access and secure sharing solution, the cybersecurity firm says.
The exploited bug, Huntress says, is an insecure cryptography issue that allows attackers to access the ‘web.config’ file, which contains a ‘machineKey’ cryptographic key.
Huntress’s analysis of the attacks revealed that the hackers have been abusing the fact that CentreStack relies on the same two 100-byte strings to derive the cryptographic keys.
According to the cybersecurity firm, an attacker who can retrieve this cryptographic information can also use it for future encryption/decryption operations, thus compromising the instance.
“Because these keys never change, we could extract them from memory once and use them to decrypt any ticket generated by the server or worse, encrypt our own,” Huntress notes.
Using the two strings, any attacker could craft requests to obtain the machine keys from the ‘web.config’ file, and the system would trust those requests.
Next, armed with the machine keys, the attacker can abuse the ASPX ViewState mechanism in deserialization attacks by forging ViewState payloads and achieving remote code execution.
The ViewState deserialization issue has been exploited this year in attacks targeting two other CentreStack vulnerabilities, namely CVE-2025-30406 and CVE-2025-11371.
Huntress also discovered that the attackers crafted their malicious requests to create a ticket that never expires, which essentially allows them to reuse the same URL indefinitely to retrieve the configuration file.
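A non-expiring ticket leaves a pattern defenders can hunt for in IIS logs: the same URL and query string accepted by the server over a span far longer than a normal ticket would live. The sketch below is an added example, not code from Huntress or Gladinet; the log path, the `t=` parameter, the ticket values and the one-hour lifetime threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed IIS W3C log sample; the path and ticket values are placeholders,
# not indicators published by Huntress or Gladinet.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-12-01 08:00:01 GET /placeholder/handler t=TICKET-AAAA 203.0.113.10 200
2025-12-01 08:05:12 GET /placeholder/handler t=TICKET-BBBB 198.51.100.7 200
2025-12-01 08:06:40 GET /placeholder/handler t=TICKET-BBBB 198.51.100.7 200
2025-12-03 02:14:55 GET /placeholder/handler t=TICKET-AAAA 203.0.113.10 200
2025-12-09 23:41:09 GET /placeholder/handler t=TICKET-AAAA 192.0.2.44 200
2025-12-09 23:50:00 GET /portal/login.aspx - 192.0.2.44 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))

def find_replayed_urls(text, max_lifetime=timedelta(hours=1)):
    """Return URLs whose identical query string was accepted over a span
    longer than max_lifetime (an assumed upper bound for a normal ticket)."""
    seen = defaultdict(list)
    for row in parse_w3c(text):
        if row["cs-uri-query"] == "-" or not row["sc-status"].startswith("2"):
            continue  # no query string, or the server did not accept the request
        when = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        seen[(row["cs-uri-stem"], row["cs-uri-query"])].append((when, row["c-ip"]))
    findings = []
    for (stem, query), hits in seen.items():
        times = [t for t, _ in hits]
        span = max(times) - min(times)
        if span > max_lifetime:
            findings.append({"url": stem + "?" + query, "requests": len(hits),
                             "span": span, "clients": sorted({ip for _, ip in hits})})
    return sorted(findings, key=lambda f: f["span"], reverse=True)

if __name__ == "__main__":
    for finding in find_replayed_urls(SAMPLE_LOG):
        print(finding)
```

Tune `max_lifetime` to the longest ticket validity the deployment legitimately issues, and treat any hit that spans multiple client addresses as a priority for review alongside the published IoCs.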
“As of December 10, we have seen nine organizations that have been impacted by this vulnerability. These businesses ranged across different sectors, from healthcare to technology,” Huntress notes.
No CVE identifier has been published for the flaw and Gladinet has not shared details on it. However, the company notified its customers in late November of a security issue resolved with a new CentreStack update (version 16.11.10417.56762).
Organizations are advised to update to the latest version of CentreStack and Triofox, namely version 16.12.10420.56791, which was released on December 10, and to review the indicators of compromise (IoCs) released by Huntress and Gladinet.

