CVE-2025-34070

A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper authentication. The /proxy handler on port 7996 allows arbitrary forwarding to administrative endpoints when provided with an Appliance UUID, which itself can be retrieved from port 7995. This results in a complete authentication bypass, permitting access to sensitive administrative APIs.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/	Exploit Third Party Advisory
https://vulncheck.com/advisories/gfi-kerio-control-auth-bypass-rce	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gfi:kerio_control:9.4.5:-:*:*:*:*:*:*

History

17 Sep 2025, 13:56

Type	Values Removed	Values Added
References	~~() https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/ -~~	() https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/ - Exploit, Third Party Advisory
References	~~() https://vulncheck.com/advisories/gfi-kerio-control-auth-bypass-rce -~~	() https://vulncheck.com/advisories/gfi-kerio-control-auth-bypass-rce - Third Party Advisory
CPE		cpe:2.3:a:gfi:kerio_control:9.4.5:-::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Gfi kerio Control Gfi

03 Jul 2025, 15:13

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de falta de autenticación en el componente GFIAgent de GFI Kerio Control 9.4.5 permite a atacantes remotos no autenticados realizar operaciones privilegiadas. El servicio GFIAgent, responsable de la integración con GFI AppManager, expone servicios HTTP en los puertos 7995 y 7996 sin la autenticación adecuada. El controlador /proxy del puerto 7996 permite el reenvío arbitrario a endpoints administrativos cuando se le proporciona un UUID de dispositivo, que a su vez puede obtenerse del puerto 7995. Esto resulta en una omisión completa de la autenticación, lo que permite el acceso a API administrativas confidenciales.

02 Jul 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-02 14:15

Updated : 2025-09-17 13:56

NVD link : CVE-2025-34070

Mitre link : CVE-2025-34070

CVE.ORG link : CVE-2025-34070

JSON object : View

Products Affected

gfi

kerio_control

CWE

CWE-306

Missing Authentication for Critical Function

9.8 /10