BleepingComputer reports that at least nine organizations across various sectors have already been targeted in intrusions exploiting a new cryptographic algorithm vulnerability in Gladinet's CentreStack and Triofox offerings, alongside the older local file inclusion bug, tracked as CVE-2025-30406.
Attacks exploiting the flaw, which is yet to be given an identifier, could allow hardcoded cryptographic key compromise and remote code execution, according to Huntress researchers. Threat actors leveraged hardcoded AES keys to forge Access Tickets, which had their timestamps altered to the year 9999, before seeking the server's web[.]config file with the machineKey that was later tapped to allow RCE.
Organizations using vulnerable Gladinet CentreStack and Triofox instances have been urged to promptly upgrade to a version released this week and to rotate their machine keys. Researchers also recommended scanning logs for the "vghpI7EToZUDIZDdprSubL3mTZ2" string, which is considered an indicator of compromise due to its link to the encrypted file path.
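One way to run the recommended log scan, as an added example that is not code from Huntress, Gladinet or the article. It assumes the web server writes IIS W3C-format logs with a `#Fields:` header; the sample lines, the `/placeholder/handler` path, the `t=` parameter and the IP addresses are constructed for illustration.

```python
import urllib.parse

# Indicator string quoted in the article above.
IOC = "vghpI7EToZUDIZDdprSubL3mTZ2"

# Constructed sample log (assumed W3C layout; path, parameter and IPs are placeholders).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2025-01-01 10:00:00 192.0.2.10 GET /index.html - 200
2025-01-01 10:00:05 198.51.100.7 GET /placeholder/handler t=vghpI7EToZUDIZDdprSubL3mTZ2EXAMPLE 200
2025-01-01 10:00:09 198.51.100.7 GET /placeholder/handler t=%76ghpI7EToZUDIZDdprSubL3mTZ2EXAMPLE 200
2025-01-01 10:00:12 203.0.113.5 GET /placeholder/handler t=unrelated 404
""".splitlines()


def scan_w3c_log(lines, ioc=IOC):
    """Return one dict per log entry whose raw or URL-decoded text contains ioc."""
    fields, hits = [], []
    for lineno, line in enumerate(lines, 1):
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#"):
            continue  # blank lines and other W3C directives
        # Characters of the string may arrive percent-encoded, so check both forms.
        if ioc not in line and ioc not in urllib.parse.unquote(line):
            continue
        row = dict(zip(fields, line.split(" ")))
        hits.append({
            "line": lineno,
            "time": f"{row.get('date', '?')} {row.get('time', '?')}",
            "client": row.get("c-ip", "?"),
            "uri": row.get("cs-uri-stem", "?"),
            "status": row.get("sc-status", "?"),
        })
    return hits


if __name__ == "__main__":
    for hit in scan_w3c_log(SAMPLE_LOG):
        print(hit)
```

Any hit gives the request time and client address to pivot on when reviewing what else that client requested.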
Encryption, Threat Intelligence
Attacks exploiting Gladinet CentreStack cryptographic algorithm bug ongoing




