Ethical Hacking News
Hackers have successfully exploited a new vulnerability in Gladinet's CentreStack cryptographic algorithm to launch Remote Code Execution (RCE) attacks. This undetected flaw allows hackers to extract hardcoded encryption keys, decrypt sensitive data, and even execute malicious commands remotely. Gladinet has released an update for the affected product, but users are advised to upgrade promptly as a preventive measure against these RCE attacks.
Gladinet suffered a significant security breach due to an undetected vulnerability in its proprietary cryptographic algorithm. The vulnerability allowed hackers to gain unauthorized access to sensitive data stored on affected systems through hardcoded encryption keys and initialization vectors (IVs). Researchers discovered the exploit through constant monitoring of the web; combined with another previously tracked issue, CVE-2025-30406, it enabled attackers to gain full control. The vulnerability allowed hackers to decrypt access tickets containing sensitive data and achieve remote code execution via a ViewState deserialization flaw in web.config files. Gladinet has notified its customers about the vulnerability and advised them to update their products to the latest version, as well as rotate machine keys for added security.
Gladinet, a company specializing in secure remote file access and sharing solutions, has recently suffered a significant security breach due to an undetected vulnerability in its proprietary cryptographic algorithm. The attack vector exploited by hackers utilizes the newly discovered flaw to gain unauthorized access to sensitive data stored on affected systems.
The Gladinet CentreStack product is designed to provide secure remote file access and sharing capabilities for organizations. However, researchers have found that a custom implementation of the Advanced Encryption Standard (AES) cryptographic algorithm in the product allows for hardcoded encryption keys and initialization vectors (IVs). This creates a serious vulnerability that can be exploited by attackers to gain unauthorized access to encrypted data.
Researchers at Huntress, a managed cybersecurity platform provider, discovered the exploit through their constant monitoring of the web. The company detected instances where an attacker was leveraging this vulnerability in conjunction with another previously tracked issue known as CVE-2025-30406—a local file inclusion flaw that allows a local attacker to access system files without authentication.
Once Huntress researchers gained insight into how attackers were exploiting these vulnerabilities, they investigated further to determine the cause of the problem. They found that the hardcoded encryption keys in GladCtrl64.dll, used by the 'filesvr.dn' handler, were static, with a single set of values used across all product installations, making them easily accessible for hackers.
These hardcoded values allow an attacker to decrypt access tickets containing sensitive data such as file paths, usernames, passwords, and timestamps. Moreover, attackers could create their own fake access tickets that would instruct servers to return files on the disk without requiring authentication.
The Huntress team also discovered that attackers could exploit a ViewState deserialization flaw in web.config files to achieve remote code execution. This allowed them to execute malicious commands remotely, providing hackers with a serious entry point into compromised systems.
Gladinet has notified its customers about this vulnerability and advised them to update their products to the latest version (16.12.10420.56791), released on December 8, 2025. They also provided a set of indicators of compromise (IoCs) that would enable defenders to identify if their systems had been compromised.
As part of its response to this vulnerability, Gladinet is urging users of CentreStack and Triofox products to upgrade immediately. Users should also rotate machine keys as an additional security measure to prevent potential future attacks.
To protect themselves from the RCE attacks using the newly identified vulnerability in Gladinet's CentreStack product, organizations are advised to:
- Update their product versions to the latest available.
- Rotate their machine keys regularly to avoid exploitation by hackers.
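One way to verify both steps on a host, as an added example that is not Gladinet's or Huntress's tooling: it compares the installed build with the fixed version named above and checks that the ASP.NET `machineKey` in web.config has changed since a fingerprint recorded before rotation. The sample web.config fragments, key values and the old build number are constructed; how the build string and web.config contents are collected from a host is left as an assumption.

```python
import hashlib
import xml.etree.ElementTree as ET

FIXED_VERSION = (16, 12, 10420, 56791)  # fixed build named in the article

# Constructed sample web.config fragments; the key values are made up.
OLD_CONFIG = """<configuration><system.web>
  <machineKey validationKey="AAAA1111" decryptionKey="BBBB2222" validation="HMACSHA256" />
</system.web></configuration>"""
NEW_CONFIG = OLD_CONFIG.replace("AAAA1111", "CCCC3333").replace("BBBB2222", "DDDD4444")
NO_KEY_CONFIG = "<configuration><system.web /></configuration>"


def is_patched(version: str) -> bool:
    """True when a dotted build string is at or above the fixed build."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts >= FIXED_VERSION


def machine_key_fingerprint(web_config_xml: str):
    """SHA-256 fingerprint of the machineKey secrets, or None if absent.

    Only the fingerprint is returned, so audit records never hold key material.
    """
    key = next(ET.fromstring(web_config_xml).iter("machineKey"), None)
    if key is None:
        return None
    material = key.get("validationKey", "") + "|" + key.get("decryptionKey", "")
    return hashlib.sha256(material.encode()).hexdigest()


def audit(version: str, web_config_xml: str, pre_rotation_fingerprint: str) -> list:
    """Return the remediation steps still outstanding for one host."""
    findings = []
    if not is_patched(version):
        findings.append("upgrade: build is below the fixed version")
    fingerprint = machine_key_fingerprint(web_config_xml)
    if fingerprint is None:
        findings.append("review: no machineKey element in this web.config")
    elif fingerprint == pre_rotation_fingerprint:
        findings.append("rotate: machineKey unchanged since the recorded baseline")
    return findings


if __name__ == "__main__":
    baseline = machine_key_fingerprint(OLD_CONFIG)
    print(audit("16.0.0.0", OLD_CONFIG, baseline))            # constructed old build
    print(audit("16.12.10420.56791", NEW_CONFIG, baseline))   # patched and rotated
```

Record the baseline fingerprint before rotating, then run the audit again afterwards; an empty list means both advised steps are in place on that host.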
This incident is a stark reminder of the importance of up-to-date security patches and vigilant defense strategies against newly identified vulnerabilities. Organizations must ensure they implement timely updates for all software components that may pose similar threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Hackers-Exploit-Vulnerability-in-Gladinet-CentreStack-Cryptographic-Algorithm-to-Launch-RCE-Attacks-ehn.shtml
https://www.bleepingcomputer.com/news/security/hackers-exploit-gladinet-centrestack-cryptographic-flaw-in-rce-attacks/
Published: Thu Dec 11 16:16:17 2025 by llama3.2 3B Q4_K_M