Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability

Apr 15, 2025Ravie LakshmananVulnerability / Endpoint Security

A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date.

Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks.

It has been addressed in CentreStack version 16.4.10315.56368 released on April 3, 2025. The vulnerability is said to have been exploited as a zero-day in March 2025, although the exact nature of the attacks is unknown.

Now, according to Huntress, the weakness also affects Gladinet Triofox up to version 16.4.10317.56372.

“By default, previous versions of the Triofox software have the same hardcoded cryptographic keys in their configuration file, and can be easily abused for remote code execution,” John Hammond, principal cybersecurity researcher at Huntress, said in a report.

Telemetry data gathered from its partner base has revealed that the CentreStack software is installed on about 120 endpoints and that seven unique organizations were affected by the exploitation of the vulnerability.

The earliest sign of compromise dates back to April 11, 2025, 16:59:44 UTC. The attackers have been observed leveraging the flaw to download and sideload a DLL using an encoded PowerShell script, an approach seen in recent attacks using the CrushFTP flaw, followed by conducting lateral movement and installing MeshCentral for remote access.

Huntress also said the attackers have been identified as running Impacket PowerShell commands to perform various enumeration commands and install MeshAgent. That said, the exact scale and the end goal of the campaigns are currently unknown.

In light of active exploitation, it’s essential that users of Gladinet CentreStack and Triofox update their instances to the latest version to safeguard against potential risks.

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!