Vulnerability Management

Gladinet CentreStack zero-day exploitation sought to compromise file storage servers


BleepingComputer reports that vulnerable instances of the widely used Gladinet CentreStack enterprise file-sharing and access platform impacted by the zero-day deserialization flaw, tracked as CVE-2025-30406, have been subjected to intrusions aimed at compromising storage servers since March.

The vulnerability, which was patched last week, arose from a hardcoded machineKey within the software portal's configuration that could be leveraged to create an executable malicious serialized payload, according to Gladinet. "We strongly recommend updating to the patched version, which improves key management and mitigates exposure. For customers who cannot update immediately, rotating the machineKey values is a recommended interim mitigation," said Gladinet. Ongoing intrusions involving the bug have also prompted its inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to address the flaw by Apr. 29. Other file-sharing systems, including Cleo, MOVEit Transfer, and Fortra GoAnywhere, also had their vulnerabilities exploited in Clop ransomware attacks.
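A way to verify the interim mitigation across a fleet, as an added example that is not from Gladinet or the original article: it assumes the portal's settings live in a standard ASP.NET `web.config` with a `<machineKey>` element, and reports hosts whose explicit keys still match a baseline copy taken from an unpatched install or are shared between hosts. All host names and key values below are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

def _cfg(vk, dk):
    """Build a minimal constructed web.config for the demo."""
    return (f'<configuration><system.web><machineKey validationKey="{vk}" '
            f'decryptionKey="{dk}"/></system.web></configuration>')

# Constructed samples (not real keys): a and b share one static key,
# c has been rotated, d stores no literal key at all.
SAMPLES = {
    "host-a/web.config": _cfg("0A1B2C3D", "4E5F6071"),
    "host-b/web.config": _cfg("0a1b2c3d", "4e5f6071"),
    "host-c/web.config": _cfg("99887766", "55443322"),
    "host-d/web.config": _cfg("AutoGenerate,IsolateApps", "AutoGenerate,IsolateApps"),
}
# Assumption: a config copied from an unpatched reference install.
BASELINE = _cfg("0A1B2C3D", "4E5F6071")

def fingerprint(value):
    """Short SHA-256 digest so keys can be compared without logging them."""
    return hashlib.sha256(value.strip().upper().encode()).hexdigest()[:16]

def audit_config(xml_text):
    """Return {attribute: fingerprint} for keys written literally in one file."""
    found = {}
    for mk in ET.fromstring(xml_text).iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "")
            # "AutoGenerate[,IsolateApps]" means no literal key is in the file.
            if value and not value.lower().startswith("autogenerate"):
                found[attr] = fingerprint(value)
    return found

def unrotated(configs, baseline_xml):
    """Files whose key fingerprints still match the baseline install."""
    base = set(audit_config(baseline_xml).items())
    return sorted(p for p, t in configs.items() if base & set(audit_config(t).items()))

def shared_keys(configs):
    """Map (attribute, fingerprint) to the files that share that static key."""
    groups = defaultdict(list)
    for path, text in configs.items():
        for item in audit_config(text).items():
            groups[item].append(path)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    print("still on baseline key:", unrotated(SAMPLES, BASELINE))
    print("shared static keys:", shared_keys(SAMPLES))
```
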
