216.73.216.197

CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild

· Published 15/04/2025 03:39 · Modified 15/04/2025 11:49

Export JSON

Essential information

Published
15/04/2025 03:39
Modified
15/04/2025 11:49
Tags
2025-04-15 CVE-2025-30406 aspx viewstate centrestack cobalt strike gladinet hardcoded keys meshcentral privilege-escalation remote code execution triofox
Related entities
1 vulnerabilities (cve), 6 observables, 9 techniques (mitre), 1 malware

Description

A critical vulnerability () in and software has been discovered and is being actively exploited. The flaw involves hardcoded cryptographic keys in configuration files, allowing attackers to abuse for . Affected versions include below 16.4.10315.56368 and below 16.4.10317.56372. Exploitation leads to immediate compromise with potential for privilege escalation. Mitigation involves patching or changing machineKey values. Post-exploitation activities include downloading malicious DLLs, lateral movement, and installation of remote access tools like . Immediate action is recommended for vulnerable servers exposed to the internet.

External references