CVE-2025-34070

216.73.217.22

· Published 02/07/2025 14:15 · Modified 03/07/2025 15:13

Labels: CVE-2025-34070 2025-07-02 CVE-2025-34070 CWE-306 [email protected]

Essential information

Published: 02/07/2025 14:15
Modified: 03/07/2025 15:13
Author: —
Creator: —
CVSS: 10.0 CRITICAL (v3) 10.0 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper authentication. The /proxy handler on port 7996 allows arbitrary forwarding to administrative endpoints when provided with an Appliance UUID, which itself can be retrieved from port 7995. This results in a complete authentication bypass, permitting access to sensitive administrative APIs.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
gfi / kerio control	`cpe:2.3:a:gfi:kerio_control:9.4.5:::::::*`