The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog, adding two critical vulnerabilities: CVE-2025-30406 and CVE-2025-29824. These vulnerabilities have been actively exploited, posing significant risks to organizations.
CVE-2025-30406: Gladinet CentreStack Hard-coded Cryptographic Key Vulnerability
Gladinet CentreStack, a cloud storage solution, has a deserialization vulnerability caused by a hard-coded cryptographic key in one of its configuration files. An attacker who knows that key can craft serialized payloads that the server will deserialize, potentially leading to remote code execution. The vulnerability affects versions up to 16.1.10296.56315 and carries a CVSS score of 9.0, indicating critical risk.
Impact:
- Remote code execution on the CentreStack server.
- Compromise of system integrity and availability.
- Unauthorized access to sensitive data.
Mitigation:
- Upgrade to Gladinet CentreStack version 16.4.10315.56368 or later.
- Manually delete the hard-coded key defined in the configuration file.
- Implement network segmentation to limit external access to the CentreStack portal.
- Review and rotate all cryptographic keys.
- Monitor for suspicious deserialization activities.
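The key-rotation step above is the one most often done by hand. As an added example (not code from CISA, Gladinet, or the original article), the following PowerShell script audits an ASP.NET web.config for a static <machineKey> element and, with -Rotate, replaces it with freshly generated random keys. It assumes the CentreStack portal is an ASP.NET application whose key sits at configuration/system.web/machineKey in such a file; the ConfigPath default and the KnownBadKeys list are placeholders for the operator to fill in from the vendor advisory.

```powershell
<#
  Added example, not vendor code: audit and rotate the ASP.NET <machineKey>.
  Assumption (not stated in the advisory): the portal's key lives at
  configuration/system.web/machineKey in the file given by -ConfigPath.
#>
param(
    [string]$ConfigPath = 'C:\PLACEHOLDER\portal\web.config',  # placeholder path
    [string[]]$KnownBadKeys = @(),   # hard-coded values taken from the vendor advisory, if any
    [switch]$Rotate
)

function New-HexKey {
    # Random hex string of the requested byte length, for validationKey/decryptionKey.
    param([int]$ByteLength)
    $bytes = New-Object byte[] $ByteLength
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    return ([System.BitConverter]::ToString($bytes)) -replace '-', ''
}

function Test-MachineKey {
    # Classifies the machineKey as AutoGenerate, Static, or KnownBad.
    param([xml]$Config, [string[]]$BadKeys)
    $mk = $Config.SelectSingleNode('/configuration/system.web/machineKey')
    if (-not $mk) {
        return [pscustomobject]@{ Status = 'AutoGenerate'; Detail = 'No <machineKey> element; ASP.NET generates per-server keys.' }
    }
    $static = @($mk.GetAttribute('validationKey'), $mk.GetAttribute('decryptionKey')) |
        Where-Object { $_ -and $_ -notmatch '^AutoGenerate' }
    if ($static.Count -eq 0) {
        return [pscustomobject]@{ Status = 'AutoGenerate'; Detail = 'Keys are set to AutoGenerate.' }
    }
    foreach ($k in $static) {
        if ($BadKeys -contains $k) {
            return [pscustomobject]@{ Status = 'KnownBad'; Detail = 'Key matches a known hard-coded value; rotate immediately.' }
        }
    }
    return [pscustomobject]@{ Status = 'Static'; Detail = 'Static keys present; rotate unless you are certain they are unique to this install.' }
}

function Set-RotatedMachineKey {
    # Writes new random keys into the <machineKey> element, creating it if absent.
    param([xml]$Config)
    $web = $Config.SelectSingleNode('/configuration/system.web')
    if (-not $web) { throw 'No <system.web> section found.' }
    $mk = $web.SelectSingleNode('machineKey')
    if (-not $mk) { $mk = $web.AppendChild($Config.CreateElement('machineKey')) }
    $mk.SetAttribute('validationKey', (New-HexKey -ByteLength 64))   # 64 bytes for HMACSHA256
    $mk.SetAttribute('decryptionKey', (New-HexKey -ByteLength 32))   # 32 bytes for AES-256
    $mk.SetAttribute('validation', 'HMACSHA256')
    $mk.SetAttribute('decryption', 'AES')
}

$config = New-Object xml
$config.PreserveWhitespace = $true
$config.Load($ConfigPath)
$result = Test-MachineKey -Config $config -BadKeys $KnownBadKeys
Write-Output ('machineKey status: {0} - {1}' -f $result.Status, $result.Detail)

if ($Rotate -and $result.Status -ne 'AutoGenerate') {
    Copy-Item -LiteralPath $ConfigPath -Destination "$ConfigPath.bak-$(Get-Date -Format yyyyMMddHHmmss)"
    Set-RotatedMachineKey -Config $config
    $config.Save($ConfigPath)
    Write-Output 'machineKey rotated; recycle the IIS application pool so the new keys take effect.'
}
```

Rotating the key invalidates every existing forms-authentication ticket and ViewState signed under the old one, so users are logged out; in a web farm the same new values must be written to every node, otherwise requests that move between servers fail validation. Run the audit without -Rotate first and keep the .bak copy until the portal has been confirmed working.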
CVE-2025-29824: Microsoft Windows CLFS Driver Use-After-Free Vulnerability
A use-after-free vulnerability has been discovered in the Microsoft Windows Common Log File System (CLFS) driver. This flaw allows local attackers to escalate privileges to SYSTEM level by exploiting specific functions within the CLFS driver. The vulnerability has been actively exploited in the wild, highlighting its severity. It affects multiple versions of Microsoft Windows, including Windows Server editions and Windows 10, spanning from version 10.0.17763.0 to later versions such as 10.0.26100.0. Once exploited, the vulnerability enables attackers to gain elevated privileges, potentially leading to full control over the compromised machine. (tenable.com)
Impact:
- Elevation of privileges to SYSTEM level.
- Potential for complete system compromise.
- Increased risk of further exploitation within the network.
Mitigation:
- Apply the latest security patches provided by Microsoft.
- Monitor systems for signs of exploitation, such as unexpected behavior or unauthorized access.
- Implement endpoint detection and response solutions to identify and mitigate exploitation attempts.
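Confirming that the CLFS patch actually landed on every host is the practical counterpart to the first mitigation. As an added example (not Microsoft's tooling and not from the original article), this PowerShell script reports the OS build, the installed clfs.sys file version and the updates applied in the last few weeks, and compares the driver version against a minimum you supply. The MinimumVersion default is a placeholder: the patched version number is not given on this page and must be taken from Microsoft's advisory for CVE-2025-29824.

```powershell
<#
  Added example, not Microsoft code: report CLFS driver patch state.
  -MinimumVersion is a PLACEHOLDER; use the patched clfs.sys version
  from the Microsoft advisory for CVE-2025-29824.
#>
param(
    [version]$MinimumVersion = '0.0.0.0',   # PLACEHOLDER until filled from the advisory
    [int]$RecentDays = 60
)

function Get-ClfsDriverInfo {
    # Reads the version resource of the installed CLFS driver binary.
    $path = Join-Path $env:SystemRoot 'System32\drivers\clfs.sys'
    $item = Get-Item -LiteralPath $path
    $vi = $item.VersionInfo
    [pscustomobject]@{
        Path        = $path
        FileVersion = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
        LastWrite   = $item.LastWriteTimeUtc
    }
}

function Test-ClfsPatched {
    # True when the installed driver is at or above the minimum patched version.
    param([version]$Installed, [version]$Minimum)
    return $Installed -ge $Minimum
}

$info = Get-ClfsDriverInfo
$osVersion = (Get-CimInstance -ClassName Win32_OperatingSystem).Version
Write-Output ('OS version: {0}' -f $osVersion)
Write-Output ('clfs.sys: {0} (file version {1}, written {2:u})' -f $info.Path, $info.FileVersion, $info.LastWrite)

if ($MinimumVersion -eq [version]'0.0.0.0') {
    Write-Warning 'MinimumVersion not set; compare the file version above with the Microsoft advisory.'
} elseif (Test-ClfsPatched -Installed $info.FileVersion -Minimum $MinimumVersion) {
    Write-Output 'clfs.sys meets the minimum patched version.'
} else {
    Write-Warning 'clfs.sys is below the minimum patched version; install the latest cumulative update.'
}

# Recently installed updates confirm whether the cumulative update actually applied.
Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -gt (Get-Date).AddDays(-$RecentDays) } |
    Sort-Object InstalledOn -Descending |
    Format-Table HotFixID, Description, InstalledOn -AutoSize
```

Because the driver version differs per Windows release, run this per build family (for example separately for 10.0.17763 and 10.0.26100 hosts) with the matching minimum version; a host that shows a recent cumulative update but an old clfs.sys version has usually not been rebooted since installation.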
CISA's Recommendations
CISA emphasizes the importance of timely remediation of these vulnerabilities to protect against active threats. While Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to address cataloged vulnerabilities by specified due dates, CISA strongly urges all organizations to prioritize their remediation as part of routine vulnerability management. (windowsforum.com)
Additional Resources:
- CISA Alert: CISA Adds Two Known Exploited Vulnerabilities to Catalog
- CVE-2025-30406 Impact, Exploitability, and Mitigation Steps
- CVE-2025-29824 Impact, Exploitability, and Mitigation Steps
By staying informed and proactive, organizations can better defend against these critical vulnerabilities and enhance their overall cybersecurity posture.