The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent call for organizations to address two actively exploited zero-day vulnerabilities: one in Gladinet’s CentreStack file-sharing platform and another in the Microsoft Windows operating system.
CentreStack Vulnerability (CVE-2025-30406):
Identified as CVE-2025-30406 with a Common Vulnerability Scoring System (CVSS) score of 9.0, this flaw stems from the CentreStack portal’s use of a hardcoded ASP.NET machineKey, the key that protects the integrity of ViewState data sent back by the browser. Because the key is the same on every installation, an attacker who knows it can craft a ViewState payload that passes the server’s integrity (MAC) check and is then deserialized, leading to remote code execution. Gladinet disclosed this issue on April 3, 2025, noting that it had been exploited in the wild since March. The company has released a fix in CentreStack version 16.4.10315.56368 and recommends updating immediately or, as a temporary measure, rotating the machineKey values in the portal’s configuration. The patched build generates a unique machine key during installation, so each deployment no longer shares a key that an attacker could learn from another instance.
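To show why a hardcoded machineKey turns ViewState into a remote code execution path, and why rotating the key is an effective interim mitigation, here is an added example that is not Gladinet’s code or part of the original article. It models the ViewState integrity check as a plain HMAC-SHA256 over a serialized blob (real ASP.NET uses its own serializer and a purpose-derived key, so this is a simplification of the mechanism, not a reproduction of it). The shipped key value, the state contents and the helper names are all constructed for illustration. The point it demonstrates: a payload signed with a key the attacker already knows passes verification, and the same payload is rejected once the key is rotated.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed stand-in for a key baked into a vendor's web.config.
# Hypothetical value; it is NOT the key from any real product.
SHIPPED_VALIDATION_KEY = bytes.fromhex("A1B2C3D4" * 16)  # 64 bytes

MAC_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA256


def sign_viewstate(state: dict, validation_key: bytes) -> str:
    """Serialize `state` and append an HMAC-SHA256 MAC keyed with `validation_key`.

    Simplified model of ViewState MAC protection: body || MAC, base64-encoded.
    """
    body = json.dumps(state, sort_keys=True).encode()
    mac = hmac.new(validation_key, body, hashlib.sha256).digest()
    return base64.b64encode(body + mac).decode()


def load_viewstate(token: str, validation_key: bytes) -> Optional[dict]:
    """Verify the MAC and only then hand the body to the deserializer.

    Returns the decoded state on success, or None if the MAC does not match.
    In ASP.NET the deserializer is the dangerous sink: anything that passes
    this check is treated as trusted server-produced state.
    """
    raw = base64.b64decode(token)
    if len(raw) <= MAC_LEN:
        return None
    body, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(validation_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    return json.loads(body)


def generate_machine_key() -> dict:
    """Produce fresh, per-deployment key material.

    ASP.NET expects hex strings: 64 random bytes for an HMACSHA256
    validationKey and 32 random bytes for an AES-256 decryptionKey.
    """
    return {
        "validationKey": secrets.token_hex(64).upper(),
        "decryptionKey": secrets.token_hex(32).upper(),
        "validation": "HMACSHA256",
        "decryption": "AES",
    }


def machine_key_element(mk: dict) -> str:
    """Render the <machineKey> element that would replace the hardcoded one in web.config."""
    return (
        f'<machineKey validationKey="{mk["validationKey"]}" '
        f'decryptionKey="{mk["decryptionKey"]}" '
        f'validation="{mk["validation"]}" decryption="{mk["decryption"]}" />'
    )


def demo() -> tuple:
    """Forge with the shipped key, then show the forgery dies after rotation.

    Returns (accepted_with_shipped_key, rejected_after_rotation).
    """
    # Attacker knows the shipped key, so their crafted state carries a valid MAC.
    forged = sign_viewstate({"gadget": "constructed-attacker-controlled-object"},
                            SHIPPED_VALIDATION_KEY)
    accepted_before = load_viewstate(forged, SHIPPED_VALIDATION_KEY) is not None

    # Operator rotates machineKey; the attacker's payload no longer verifies.
    rotated = generate_machine_key()
    rotated_key = bytes.fromhex(rotated["validationKey"])
    rejected_after = load_viewstate(forged, rotated_key) is None
    return accepted_before, rejected_after


if __name__ == "__main__":
    print("forgery accepted with shipped key, rejected after rotation:", demo())
    print(machine_key_element(generate_machine_key()))
```

Rotating the key is only a stopgap: it invalidates existing forgeries but does nothing about the underlying deserialization sink, and in a web farm every node must carry the same new key or legitimate ViewState will be rejected. Upgrading to the fixed build remains the actual remediation.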
Windows Vulnerability (CVE-2025-29824):
The second vulnerability, CVE-2025-29824, carries a CVSS score of 7.8 and is a use-after-free bug in the Windows Common Log File System (CLFS) driver. A local attacker who already has code execution on a machine can exploit it to elevate privileges to SYSTEM, which makes it a typical post-compromise step rather than an initial entry point. Microsoft addressed the flaw in the April 2025 Patch Tuesday updates and confirmed it had been exploited before the fix was available.
CISA’s Directive:
In response to these vulnerabilities, CISA has added both CVE-2025-30406 and CVE-2025-29824 to its Known Exploited Vulnerabilities (KEV) catalog. The agency emphasizes the importance of prompt patching, stating that such vulnerabilities are frequent attack vectors for malicious actors and pose significant risks to the federal enterprise. Under Binding Operational Directive 22-01, federal civilian agencies are required to remediate KEV entries by the deadline CISA sets for each one, and CISA strongly advises all other organizations to treat those deadlines as a baseline and patch as soon as possible.