Intel Name: Suspicious process spawned by centrestack portal apppool
Date of Scan: April 23, 2025
Impact: High
Summary: Detects suspicious command shell execution (cmd.exe) initiated by w3wp.exe, potentially linked to the exploitation of CentreStack’s portal.config—indicative of CVE-2025-30406 activity.
