CentreStack RCE exploited as zero-day to breach file sharing servers
Published on: 2025-05-06 22:38:30
Hackers have exploited a vulnerability in Gladinet CentreStack's secure file-sharing software as a zero-day since March to breach storage servers.
Gladinet CentreStack is an enterprise file-sharing and access platform that turns on-premises file servers (like Windows servers with SMB shares) into secure, cloud-like file systems supporting remote access to internal file shares, file syncing and sharing, multi-tenant deployments, and integration with Active Directory.
The company claims the product is used by thousands of businesses across 49 countries, including enterprises with Windows-based file servers, MSPs hosting file services for multiple clients, and various organizations that need cloud-like access without cloud migration.
The flaw, tracked as CVE-2025-30406, is a deserialization vulnerability impacting Gladinet CentreStack versions up to 16.1.10296.56315. Exploitation in the wild has been observed since March 2025.
The issue stems from using a hardcoded machineKey in the CentreSt