US CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System CLFS Driver flaws to its Known Exploited Vulnerabilities catalog – Securityaffairs.com
Published on: 2025-04-09
Intelligence Report: US CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System CLFS Driver flaws to its Known Exploited Vulnerabilities catalog – Securityaffairs.com
1. BLUF (Bottom Line Up Front)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified critical vulnerabilities in Gladinet CentreStack and the Microsoft Windows Common Log File System (CLFS) Driver, tracked as CVE-2025-30406 and CVE-2025-29824, respectively. These vulnerabilities have been actively exploited, posing significant risks to affected systems. Immediate action is required to update and mitigate these vulnerabilities to prevent potential remote code execution and privilege escalation attacks.
2. Detailed Analysis
The following structured analytic techniques have been applied for this analysis:
General Analysis
The vulnerability CVE-2025-30406 in Gladinet CentreStack is a deserialization issue stemming from the use of a hardcoded machineKey in the IIS web.config file. This flaw allows threat actors to perform ViewState deserialization attacks, potentially leading to remote code execution (RCE). The vulnerability has been addressed in version 16.4.10315.56368, released on April 3, 2025. Organizations are advised to update to this version or implement interim mitigations such as rotating machineKey values.
The CVE-2025-29824 vulnerability in the Microsoft Windows CLFS Driver is a “use after free” issue that enables local privilege escalation to SYSTEM level. This vulnerability has been confirmed to be exploited in the wild, necessitating immediate patching efforts.
3. Implications and Strategic Risks
The exploitation of these vulnerabilities poses significant risks to national security, particularly for federal agencies and critical infrastructure sectors. The potential for remote code execution and privilege escalation could lead to unauthorized access, data breaches, and disruption of services. The economic impact could be substantial, affecting both public and private sectors.
4. Recommendations and Outlook
Recommendations:
- Organizations should prioritize updating affected systems to the latest patched versions to mitigate the identified vulnerabilities.
- Implement interim security measures, such as rotating machineKey values, to reduce exposure until updates can be applied.
- Enhance monitoring and incident response capabilities to detect and respond to potential exploitation attempts.
- Consider regulatory updates to enforce timely patch management practices across sectors.
Outlook:
Best-case scenario: Rapid adoption of patches and mitigations leads to a significant reduction in exploitation incidents, safeguarding critical systems.
Worst-case scenario: Delays in patching and mitigation efforts result in widespread exploitation, causing severe disruptions and data breaches.
Most likely outcome: A mixed response with some organizations promptly addressing the vulnerabilities while others face challenges in implementing necessary updates, leading to a moderate level of exploitation.
5. Key Individuals and Entities
The report references Gladinet CentreStack and Microsoft as key entities involved in the vulnerabilities. No specific individuals are mentioned by name in the context of this report.
