Critical RCE Vulnerability Exploited in Gladinet’s Triofox and CentreStack
Discover the critical remote code execution vulnerability affecting Gladinet’s Triofox and CentreStack, impacting multiple organizations. Learn about the security flaw and its implications.
TL;DR
A severe security vulnerability in Gladinet’s CentreStack and Triofox has been actively exploited, impacting at least seven organizations. The flaw, tracked as CVE-2025-30406, involves a hard-coded cryptographic key and exposes internet-accessible servers to remote code execution attacks.
Introduction
A recently disclosed critical security vulnerability in Gladinet’s CentreStack has been found to also impact its Triofox remote access and collaboration solution. According to cybersecurity firm Huntress, this flaw has been actively exploited, affecting at least seven different organizations to date. The vulnerability, tracked as CVE-2025-30406 with a CVSS score of 9.0, involves the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution (RCE) attacks.
Vulnerability Details
The vulnerability, identified as CVE-2025-30406, is caused by the use of a hard-coded cryptographic key within Gladinet’s CentreStack and Triofox solutions. This security flaw allows attackers to execute arbitrary code on affected servers, potentially leading to full system compromise. The issue is particularly concerning for organizations using these solutions for remote access and collaboration, as it exposes them to significant security risks.
Impact and Exploitation
To date, at least seven organizations have been compromised due to this vulnerability. The active exploitation underscores the urgency for organizations using Gladinet’s solutions to apply the necessary patches and implement robust security measures. The potential impact includes:
- Unauthorized access to sensitive data
- Disruption of services
- Compromise of entire networks
Mitigation and Recommendations
Organizations using Gladinet’s CentreStack and Triofox are urged to take immediate action to mitigate the risk associated with this vulnerability. Recommended steps include:
- Applying the latest security patches provided by Gladinet
- Conducting a thorough security audit of affected systems
- Implementing strong cryptographic practices
- Monitoring network traffic for signs of compromise
For more details, visit the full article: source
Conclusion
The critical RCE vulnerability in Gladinet’s CentreStack and Triofox highlights the importance of vigilant security practices. Organizations must stay proactive in applying patches and monitoring their systems to protect against such threats. The ongoing exploitation of this vulnerability serves as a reminder of the ever-evolving landscape of cybersecurity challenges.
Additional Resources
For further insights, check: