Critical Vulnerability in MSP File Sharing Platform: Why SMBs Need to Embrace Shared Responsibility
- InfraGard NCR

- Apr 9, 2025
- 3 min read
Updated: Apr 24, 2025
Since March 2025, attackers have actively exploited a critical remote code execution (RCE) vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing platform. This security incident highlights the importance of shared responsibility between small and medium-sized businesses (SMBs) and their managed service providers (MSPs).
Understanding the Vulnerability
The vulnerability affects CentreStack, a platform commonly used by MSPs to provide cloud-like file services to their customers, including file sharing, backup, collaboration, and remote access. CVE-2025-30406 is a deserialization vulnerability caused by a hardcoded machineKey in the CentreStack portal's IIS web.config file.
Because the same machineKey ships with every install, an attacker who obtains or predicts it can forge ViewState payloads that pass the server's integrity (MAC) check; the forged payload is then deserialized, which can lead to remote code execution on the web server. The vulnerability affects CentreStack versions up to and including v16.1.10296.56315 and has been fixed in version 16.4.10315.56368, released on April 3, 2025. See https://www.helpnetsecurity.com/2025/04/09/rce-gladinet-centrestack-file-sharing-exploited-cve-2025-30406/ for more information.
Additionally, Triofox, Gladinet's enterprise-focused file sharing platform, is also affected by this vulnerability, and exploitation has been observed in the wild.
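To make the mechanism concrete, here is an added illustration (not code from the original post, from Gladinet, or from any real exploit) of why a shared validationKey defeats ViewState integrity checking. It models the check as "token = base64(payload || HMAC-SHA256(payload, validationKey))", which is a simplification of the real ASP.NET ViewState encoding; the key value and the payload bytes are constructed placeholders, not any vendor's real key or a working gadget chain.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional

# Simplified model of ViewState integrity protection (added illustration, not the
# real ASP.NET encoding): token = base64(payload || HMAC-SHA256(payload, validationKey)).
# The server trusts any token whose MAC verifies, so whoever knows the validationKey
# can mint a token carrying a payload of their choosing.
MAC_LEN = hashlib.sha256().digest_size  # 32 bytes


def sign_viewstate(payload: bytes, validation_key: bytes) -> str:
    """Produce a MAC-protected token the way the server would."""
    mac = hmac.new(validation_key, payload, hashlib.sha256).digest()
    return base64.b64encode(payload + mac).decode("ascii")


def verify_viewstate(token: str, validation_key: bytes) -> Optional[bytes]:
    """Return the payload if the MAC is valid under validation_key, otherwise None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return None
    if len(raw) < MAC_LEN:
        return None
    payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(validation_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    return payload


# Constructed stand-in for a validationKey that ships identically in every install's
# web.config (hypothetical value, not any vendor's real key).
HARDCODED_KEY = bytes.fromhex("00" * 64)


def forged_token_accepted(server_key: bytes, attacker_key: bytes, payload: bytes) -> bool:
    """Does a token the attacker minted with attacker_key pass the server's MAC check?"""
    token = sign_viewstate(payload, attacker_key)
    return verify_viewstate(token, server_key) == payload


def rotate_key() -> bytes:
    """A fresh per-install validationKey, which is what a manual machineKey rotation provides."""
    return secrets.token_bytes(64)


if __name__ == "__main__":
    # The payload stands in for a serialized gadget chain; only the fact that the
    # MAC check accepts it matters for this illustration.
    evil = b"<attacker-controlled serialized object>"
    print("server still on the shared key:", forged_token_accepted(HARDCODED_KEY, HARDCODED_KEY, evil))
    print("server on a rotated key:       ", forged_token_accepted(rotate_key(), HARDCODED_KEY, evil))
```

The first call returns True: the attacker's token is indistinguishable from one the server issued, so the deserializer is reached. The second returns False because the MAC no longer matches, which is why the vendor's interim mitigation (rotating the machineKey) works even before the patch is applied, and why the key must be unique per deployment rather than merely present.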
The Shared Responsibility Model for SMBs and MSPs
When SMBs partner with MSPs, both parties must understand their roles in maintaining security. The shared responsibility model is a security framework that outlines the responsibilities of service providers and their customers.
For SMBs using managed services, this means:
MSPs are responsible for securing the infrastructure, implementing security measures, and providing expertise.
SMBs are responsible for understanding their security needs, ensuring proper implementation, and maintaining vigilance.
This partnership is crucial because 43% of all cyberattacks target small businesses, with potentially devastating financial consequences. Some small companies close in the months following a major cyber-attack because they cannot sustain operations while rebuilding and working through breach notification obligations.

3 Actionable Tips for SMBs Using Managed Services
1. Establish Clear Security Protocols and Communication Channels
SMBs should work with their MSPs to establish clear security protocols and regular communication channels. This includes:
Defining security responsibilities in your service level agreement (SLA)
Scheduling regular security reviews and updates
Creating an incident response plan that clearly outlines steps to take when vulnerabilities like CVE-2025-30406 are discovered
When vulnerabilities are announced, SMBs should immediately contact their MSP to verify if they're affected and what remediation steps are being taken. Regarding the CentreStack vulnerability, this would mean confirming whether your systems need updating to version 16.4.10315.56368 or if the machineKey needs to be manually rotated.
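The two checks the previous paragraph asks for (is the portal running an explicit, shared machineKey, and has it been rotated) can be scripted against a copy of the portal's web.config. The following is an added example, not code from the original post or from Gladinet; the sample web.config and its key values are constructed placeholders, and the element path (system.web/machineKey) is the standard ASP.NET location rather than anything specific to CentreStack.

```python
import re
import secrets
import xml.etree.ElementTree as ET
from typing import Optional

# Constructed web.config fragment with an explicit machineKey, standing in for the
# shipped portal config. The key values are placeholders, not any vendor's real key.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <compilation targetFramework="4.8" />
    <machineKey validationKey="{v}" decryptionKey="{d}"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>
""".format(v="AB" * 64, d="CD" * 32)

HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")


def find_machine_key(config_xml: str) -> Optional[dict]:
    """Return the machineKey attributes under system.web, or None if there is no explicit element."""
    root = ET.fromstring(config_xml)
    elem = root.find("./system.web/machineKey")
    return dict(elem.attrib) if elem is not None else None


def has_explicit_keys(attrs: dict) -> bool:
    """True when both keys are literal hex values rather than AutoGenerate settings.

    A literal key is fine only if it is unique to this deployment; the same literal
    shipped to every customer is what made the ViewState MAC forgeable."""
    return all(HEX_RE.match(attrs.get(name, "")) is not None
               for name in ("validationKey", "decryptionKey"))


def new_machine_key() -> dict:
    """Fresh random keys: 64 bytes for HMACSHA256 validation, 32 bytes for AES decryption."""
    return {"validationKey": secrets.token_hex(64).upper(),
            "decryptionKey": secrets.token_hex(32).upper()}


def rotate_machine_key(config_xml: str) -> str:
    """Rewrite the config with a unique machineKey; raise if there is nothing to rotate."""
    root = ET.fromstring(config_xml)
    elem = root.find("./system.web/machineKey")
    if elem is None:
        raise ValueError("no <machineKey> under <system.web>")
    for name, value in new_machine_key().items():
        elem.set(name, value)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    before = find_machine_key(SAMPLE_WEB_CONFIG)
    print("explicit keys present:", before is not None and has_explicit_keys(before))
    rotated = rotate_machine_key(SAMPLE_WEB_CONFIG)
    after = find_machine_key(rotated)
    print("validationKey changed:", after["validationKey"] != before["validationKey"])
```

Two caveats a practitioner should raise with the MSP: rotating the machineKey invalidates in-flight ViewState and any forms-authentication tickets, so users will be logged out, and in a multi-node deployment every node must receive the same new key or requests will fail on whichever node did not. Rotation is the interim mitigation; the update to 16.4.10315.56368 is still required.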
2. Implement Multi-Layered Security Measures
Don't rely solely on your MSP for all security needs. Implement additional security layers:
Enable multi-factor authentication (MFA) for all critical systems and services
Establish secure remote access policies, essential with the rise of remote work
Implement data encryption for sensitive information both at rest and in transit
Ensure regular data backups are performed and tested
These measures provide protection even if one security layer is compromised. For example, if an attacker exploits the CentreStack vulnerability and gains code execution on the file-sharing server, MFA on your other systems makes it harder for them to turn credentials harvested there into access to the rest of your environment.
3. Regularly Audit Your MSP's Security Practices
SMBs should regularly audit their MSP's security practices:
Request documentation of security protocols and compliance certifications
Verify that your MSP stays current with security patches and updates
Ensure they perform regular vulnerability assessments and penetration testing
Confirm they have a disaster recovery plan in place
Ask specific questions about how they handle vulnerabilities like the one affecting CentreStack. Do they have automated systems to detect and patch vulnerabilities? How quickly do they respond to critical security announcements? How do they communicate these issues to clients?
Conclusion
The exploitation of CVE-2025-30406 in the CentreStack platform reminds us that cybersecurity is a shared responsibility between SMBs and their MSPs. By establishing clear communication, implementing multi-layered security, and regularly auditing MSP security practices, SMBs can better protect themselves from evolving cyber threats.
Remember, while MSPs provide valuable expertise and resources, the ultimate responsibility for your business's security cannot be completely outsourced. A collaborative approach to security is essential in today's threat landscape.
