Gladinet Patches Exploited CentreStack Vulnerability

The unauthenticated local file inclusion bug allows attackers to retrieve the machine key and execute code remotely via a ViewState deserialization issue.

The post Gladinet Patches Exploited CentreStack Vulnerability appeared first on SecurityWeek.

Gladinet this week released patches for a CentreStack vulnerability that has been exploited in the wild since at least late September.

Tracked as CVE-2025-11371, the issue is described as an unauthenticated file inclusion bug that allows attackers to retrieve system files.

Impacting the default configurations of Gladinet’s CentreStack and TrioFox products, the security defect was exploited in the wild as a zero-day to retrieve a ‘machineKey’ cryptographic key from a configuration file and execute arbitrary code remotely.

To achieve remote code execution, however, the attackers exploited a ViewState deserialization vulnerability, cybersecurity firm Huntress explains.

The ViewState deserialization issue was previously abused in attacks exploiting CVE-2025-30406, a critical-severity CentreStack and Triofox flaw rooted in the presence of hardcoded keys in the applications’ configuration files.

Armed with a hardcoded machineKey, an attacker could bypass ASPX ViewState protections and execute arbitrary code remotely with the privileges of the IIS application pool user. Successful exploitation of the issue could allow attackers to take full control of a vulnerable system.

Gladinet patched CVE-2025-30406 in April by updating one of the configuration files containing the machineKey and removing the key from another.

As part of the fresh attacks flagged by Huntress, threat actors are exploiting CVE-2025-11371 to retrieve the configuration file containing the machineKey, which allows them to perform a deserialization attack to execute commands on the vulnerable system.
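Both CVE-2025-30406 and the follow-on CVE-2025-11371 attacks hinge on the same asset: a static ASP.NET machineKey that an attacker can read out of a configuration file. A defender who cannot yet confirm the patch level can at least audit the application's web.config files for that condition. The script below is an added example, not code from Gladinet, Huntress or SecurityWeek; it assumes nothing about CentreStack's file layout, and the three sample configurations embedded in it are constructed to exercise the check. It flags static validationKey/decryptionKey values (which should be regenerated if they may have been disclosed), passes AutoGenerate settings, and notes weak validation algorithms.

```python
"""Audit ASP.NET web.config content for static <machineKey> values.

Added example (not vendor code). Sample configs below are constructed.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample 1: hardcoded, static keys and a weak validation algorithm.
STATIC_KEY_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="{vk}" decryptionKey="{dk}"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>
""".format(vk="A1B2C3D4" * 16, dk="F0E1D2C3" * 8)  # constructed hex values

# Constructed sample 2: keys generated per process / per application (no static secret on disk).
SAFE_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>
"""

# Constructed sample 3: no machineKey element at all (framework defaults apply).
NO_KEY_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="false" />
  </system.web>
</configuration>
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    message: str


# A literal key is a hex string; ASP.NET accepts 40 hex chars and up.
HEX_KEY = re.compile(r"^[0-9A-Fa-f]{40,}$")
WEAK_VALIDATION = {"SHA1", "MD5"}


def audit_machine_key(config_xml: str) -> list[Finding]:
    """Return findings for every <machineKey> in the given web.config text."""
    root = ET.fromstring(config_xml)
    findings: list[Finding] = []
    for mk in root.iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "AutoGenerate")
            if value.startswith("AutoGenerate"):
                continue  # no static secret stored in the file
            if HEX_KEY.match(value):
                findings.append(Finding(
                    "high",
                    f"{attr} is a static key stored in the config file; if it was "
                    "shipped with the product or may have been read by an attacker, "
                    "regenerate it so leaked copies no longer validate ViewState."))
            else:
                findings.append(Finding(
                    "medium",
                    f"{attr} has an unrecognised non-AutoGenerate value; review it."))
        if mk.get("validation", "").upper() in WEAK_VALIDATION:
            findings.append(Finding(
                "low",
                "validation uses a weak algorithm; HMACSHA256 or stronger is recommended."))
    return findings


def audit_file(path: str) -> list[Finding]:
    """Convenience wrapper for a real web.config on disk."""
    with open(path, encoding="utf-8-sig") as fh:
        return audit_machine_key(fh.read())


if __name__ == "__main__":
    for name, cfg in (("static", STATIC_KEY_CONFIG),
                      ("autogen", SAFE_CONFIG),
                      ("no-key", NO_KEY_CONFIG)):
        print(f"== {name} ==")
        for f in audit_machine_key(cfg) or [Finding("info", "no machineKey findings")]:
            print(f"  [{f.severity}] {f.message}")
```

The script only tells you that a static key is present, not whether it was vendor-shipped or set deliberately for a web farm; web farms legitimately share a static machineKey across nodes, so the remediation there is to rotate the key on every node rather than switch to AutoGenerate. Run it against each web.config in the application tree and treat a high finding on an unpatched host as a reason to rotate the key in addition to applying the vendor update.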

Gladinet resolved the newly discovered vulnerability in CentreStack version 16.10.10408.56683. Given the flaw’s in-the-wild exploitation, organizations and end users are advised to apply the patches as soon as possible.

CentreStack is a self-hosted, on-premise cloud file server that provides organizations with secure file sharing capabilities. It can be deployed by MSPs for their clients and integrated with existing infrastructure.

Related: In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware

Related: Organizations Warned of Exploited Adobe AEM Forms Vulnerability

Related: Cisco Routers Hacked for Rootkit Deployment

Related: SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM
