CVE-2025-30406 Scanner

Gladinet CentreStack is a file server mobilization platform widely used by enterprises to provide secure file access and sharing. It allows users to convert their existing on-premise file server infrastructure into a secure cloud-based solution. Deployed by IT departments, it aims to provide seamless collaboration while maintaining data security. It is utilized across various sectors, including education, healthcare, and financial services, for its robust encryption and access control mechanisms. The platform is designed to integrate with existing servers, offering users a familiar interface and minimizing the need for significant retraining. Its popularity stems from its ability to simplify the transition to cloud storage without disrupting existing workflows.

The remote code execution vulnerability in Gladinet CentreStack is a critical security flaw that allows attackers to execute arbitrary code on the targeted server. This is due to the improper use of hard-coded keys in the product's CentreStack portal, which can be exploited through a deserialization attack. An attacker who gains knowledge of hard-coded keys can inject malicious payloads that the server may execute without proper authorization. The vulnerability, CVE-2025-30406, is deemed critical due to its high impact and ease of exploitation. This security gap could potentially grant attackers unauthorized access or control over sensitive data and core systems. Mitigating this vulnerability is crucial to maintaining the integrity and confidentiality of information stored and shared via CentreStack.

Technical details of the vulnerability reveal that attackers exploit a deserialization flaw within the Gladinet CentreStack portal. The hard-coded machine keys, vulnerable to interception and manipulation, allow malicious actors to craft payloads for server-side code execution. The attack vector hinges on the abuse of the portal's serialization process, where unauthorized inputs can be transformed into executable commands. The endpoint affected by this flaw is primarily the login page, where crafted deserialization payloads can bypass authentication controls. Attackers can compel the system to deserialize untrusted data, thus executing commands with system-level privileges. Ensuring secure serialization practices and removing hard-coded configurations are pivotal steps in addressing this vulnerability.

If exploited, the vulnerability could have severe consequences, including unauthorized control of the server's operations and data. Attackers could potentially retrieve or manipulate sensitive files, introduce malware, or pivot to other systems linked to the CentreStack network. The integrity of stored data might be compromised, leading to breaches of confidentiality or loss of essential information. Such attacks might bypass usual authentication mechanisms, offering threat actors undetected access for extended periods. The resulting damage could extend beyond data loss to include financial implications, reputational damage, and legal liabilities for organizations relying on CentreStack. Prompt remediation and continuous monitoring are critical to protecting against such potential exploits.

REFERENCES

• https://nvd.nist.gov/vuln/detail/CVE-2025-30406
• https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf
• https://www.centrestack.com/p/gce_latest_release.html