The issue is said to be present across 120 endpoints.
At least seven organisations have already been compromised in intrusions exploiting the critical zero-day deserialisation flaw.
The flaw, which impacts the Gladinet CentreStack enterprise file-sharing platform and Triofox on-premises file-sharing server, and is tracked as CVE-2025-30406, has seen seven organisations compromised, reports Cybersecurity Dive.
All attacks involving the flaw, which arose from a default hardcoded key in CentreStack's configuration files, have been aimed at CentreStack instances, according to Huntress researchers, who noted the issue to be present across 120 endpoints.
"Based on our telemetry, the observed exploitation activity is not likely to be driven by a single actor or group, nor does it appear to be specifically targeting managed service providers (MSPs). Instead, the behaviour suggests attacks of opportunity," said Huntress principal security researcher John Hammond.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
