What is it?

Gladinet CentreStack is a file sharing service that does not rely on a traditional VPN (Virtual Private Network).

The issue affects a version of Gladinet CentreStack that uses a hard-coded key stored in the IIS web.config file.

You can learn more about the threat at the CISA (Cybersecurity & Infrastructure Security Agency) link below.

Why is it a risk?

Because the key is hard-coded, an attacker can forge ViewState payloads that the server will deserialize, which leads to remote code execution.

Exploitation was observed “in the wild” in March 2025.

The risk assessment of this exploit is “9 out of 10” (very high).

How can you mitigate the risk?

You should immediately upgrade Gladinet CentreStack to version 16.4.10315.56368 (03 Apr 2025) or higher.

An installation GUI tool is available at the CentreStack Release History link below.
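
An added example (not from CISA or Gladinet): a Python check that flags literal keys in a web.config and fingerprints them, so an identical key on several servers stands out. It assumes the key sits in the ASP.NET `<machineKey>` element, which holds the ViewState validation and decryption keys; the sample configs and host names are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from any real installation).
SAMPLE_STATIC = """<configuration>
  <system.web>
    <machineKey validationKey="00112233445566778899AABBCCDDEEFF00112233"
                decryptionKey="AutoGenerate,IsolateApps" validation="SHA1" />
  </system.web>
</configuration>"""

SAMPLE_AUTO = """<configuration>
  <location path="portal">
    <system.web>
      <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate" />
    </system.web>
  </location>
</configuration>"""

KEY_ATTRS = ("validationKey", "decryptionKey")

def is_static(value):
    """A key is static unless it is absent or starts with AutoGenerate."""
    return bool(value) and not value.strip().lower().startswith("autogenerate")

def audit_web_config(xml_text):
    """Return one finding per literal key in any <machineKey> element.

    Findings carry a short SHA-256 fingerprint, never the key itself."""
    findings = []
    root = ET.fromstring(xml_text)
    for elem in root.iter("machineKey"):  # also matches keys under <location>
        for attr in KEY_ATTRS:
            value = elem.get(attr)
            if is_static(value):
                digest = hashlib.sha256(value.strip().upper().encode()).hexdigest()
                findings.append({"attribute": attr, "fingerprint": digest[:16]})
    return findings

def shared_keys(reports):
    """Given {host: findings}, return fingerprints seen on more than one host."""
    seen = {}
    for host, findings in reports.items():
        for f in findings:
            seen.setdefault(f["fingerprint"], set()).add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}
```

A fingerprint that appears on more than one host means those servers sign ViewState with the same key.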

Resources:

CISA Adds Two Known Exploited Vulnerabilities to Catalog

https://www.cisa.gov/news-events/alerts/2025/04/08/cisa-adds-two-known-exploited-vulnerabilities-catalog

CentreStack Release History

https://www.centrestack.com/p/gce_latest_release.html
