The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, both with evidence of active exploitation in the wild. The entries, CVE-2025-30406 and CVE-2025-29824, affect Gladinet CentreStack and Microsoft Windows, respectively.
CVE-2025-30406 is a flaw in how Gladinet CentreStack handles its ASP.NET cryptographic keys. Affected versions (up to and including 16.1.10296.56315; fixed in 16.4.10315.56368) ship with a hardcoded machineKey in the web configuration files. ASP.NET uses the machineKey to authenticate ViewState, so anyone who knows the shipped key can sign a crafted ViewState payload that the server accepts and deserializes, yielding remote code execution on the server and potentially full control of the system. Exploitation in the wild was observed in March 2025.
CVE-2025-30406 is rated Critical with a CVSS score of 9.0. Gladinet's patch (version 16.4.10315.56368) generates a unique machineKey per installation instead of relying on a shared static value. Organizations are strongly advised to update promptly; where that is not immediately possible, rotating the machineKey values in the affected web.config files is the recommended interim measure, since a replaced key invalidates any ViewState signed under the old one.
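The following Python script, added here as an illustration and not code from Gladinet or CISA, shows why a shipped static machineKey is exploitable and what the interim rotation step achieves. It locates the `<machineKey>` element in a constructed web.config fragment, generates fresh validationKey/decryptionKey values, and demonstrates that a payload signed under the leaked key verifies before rotation and fails after it. The MAC scheme is a simplified stand-in for ASP.NET's real ViewState MAC (which derives per-purpose keys and adds header fields); the config snippet and placeholder key values are constructed for the example and are not CentreStack's actual keys.

```python
"""Why a hardcoded ASP.NET machineKey enables ViewState forgery, and how
rotating the key in web.config invalidates previously forged payloads.

Added example, not Gladinet's code. The MAC below is a simplified model
of ASP.NET's ViewState MAC; the web.config fragment is constructed.
"""
import hashlib
import hmac
import re
import secrets
import xml.etree.ElementTree as ET

# Placeholder static keys standing in for a vendor-shipped default
# (assumption: not the real values from any product).
PLACEHOLDER_VALIDATION_KEY = "AB" * 64   # 64-byte key, as HMACSHA256 expects
PLACEHOLDER_DECRYPTION_KEY = "CD" * 32   # 32-byte AES-256 key

# Constructed web.config fragment showing the vulnerable pattern: a fixed
# machineKey that is identical on every installation.
SAMPLE_WEB_CONFIG = f"""<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <machineKey validationKey="{PLACEHOLDER_VALIDATION_KEY}"
                decryptionKey="{PLACEHOLDER_DECRYPTION_KEY}"
                validation="HMACSHA256"
                decryption="AES" />
  </system.web>
</configuration>
"""


def find_machine_key(config_text):
    """Return the <machineKey> attributes from a web.config, or None if absent."""
    root = ET.fromstring(config_text)
    node = root.find("./system.web/machineKey")
    return dict(node.attrib) if node is not None else None


def generate_machine_key():
    """Fresh per-installation keys sized for HMACSHA256 / AES-256."""
    return {
        "validationKey": secrets.token_hex(64).upper(),   # 128 hex chars
        "decryptionKey": secrets.token_hex(32).upper(),   # 64 hex chars
    }


def rotate_machine_key(config_text):
    """Replace the validationKey/decryptionKey values in a web.config.

    Returns (new_config_text, new_keys). Substitution is textual so the
    rest of the file's formatting and comments are preserved.
    """
    if find_machine_key(config_text) is None:
        raise ValueError("no <machineKey> element under system.web")
    keys = generate_machine_key()
    new_text = config_text
    for attr, value in keys.items():
        new_text, count = re.subn(rf'{attr}="[^"]*"', f'{attr}="{value}"', new_text)
        if count != 1:
            raise ValueError(f"expected exactly one {attr} attribute, found {count}")
    return new_text, keys


def sign_viewstate(payload, validation_key_hex):
    """Simplified ViewState MAC: payload || HMAC-SHA256(validationKey, payload)."""
    key = bytes.fromhex(validation_key_hex)
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify_viewstate(blob, validation_key_hex):
    """The check the server performs before it deserializes ViewState."""
    key = bytes.fromhex(validation_key_hex)
    payload, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def demo():
    """Forge with the leaked key, then show the rotated key rejects it.

    Returns (accepted_before_rotation, accepted_after_rotation).
    """
    leaked = find_machine_key(SAMPLE_WEB_CONFIG)["validationKey"]
    # Opaque stand-in for an attacker's serialized gadget-chain payload.
    forged = sign_viewstate(b"<attacker-controlled serialized object>", leaked)
    before = verify_viewstate(forged, leaked)
    _, new_keys = rotate_machine_key(SAMPLE_WEB_CONFIG)
    after = verify_viewstate(forged, new_keys["validationKey"])
    return before, after


if __name__ == "__main__":
    print(demo())   # (True, False)
```

Two caveats when applying this on a real server: rotate the key in every web.config that carries one (CentreStack deploys more than one ASP.NET application), and in a multi-node deployment all nodes must be given the same new key, because ASP.NET will otherwise reject ViewState generated by a sibling node.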
CVE-2025-29824 is a use-after-free in the Windows Common Log File System (CLFS) driver that a local attacker can exploit to elevate privileges. Rated High with a CVSS score of 7.8, it affects supported versions of Windows, including Windows 10 and Windows Server editions. An attacker who already has code execution as a low-privileged user can use it to run code with SYSTEM privileges, which in practice means full control of the host.
Microsoft addressed CVE-2025-29824 in its April 2025 security updates and urges customers to install them promptly. Because the flaw is a kernel memory-safety bug rather than a configuration error, there is no reliable mitigation short of patching.
The addition of CVE-2025-30406 and CVE-2025-29824 to the KEV Catalog is a reminder that attackers move quickly on both internet-facing application flaws and local privilege-escalation bugs. Organizations running Gladinet CentreStack or Windows should patch both vulnerabilities, replace any static cryptographic keys they find in application configuration, and keep system configurations under review so that the next KEV entry does not find them exposed.