CVE-2025-34070

A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper authentication. The /proxy handler on port 7996 allows arbitrary forwarding to administrative endpoints when provided with an Appliance UUID, which itself can be retrieved from port 7995. This results in a complete authentication bypass, permitting access to sensitive administrative APIs.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/	Exploit Third Party Advisory
https://vulncheck.com/advisories/gfi-kerio-control-auth-bypass-rce	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gfi:kerio_control:9.4.5:-:*:*:*:*:*:*

History

17 Sep 2025, 13:56

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~() https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/ -~~	() https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/ - Exploit, Third Party Advisory
References	~~() https://vulncheck.com/advisories/gfi-kerio-control-auth-bypass-rce -~~	() https://vulncheck.com/advisories/gfi-kerio-control-auth-bypass-rce - Third Party Advisory
CPE		cpe:2.3:a:gfi:kerio_control:9.4.5:-::::::
First Time		Gfi kerio Control Gfi

03 Jul 2025, 15:13

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-02 14:15

Updated : 2025-09-17 13:56

NVD link : CVE-2025-34070

Mitre link : CVE-2025-34070

CVE.ORG link : CVE-2025-34070

JSON object : View

Products Affected

gfi

kerio_control

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2025-34070", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-02T14:15:24.527", "references": [{"url": "https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/", "tags": ["Exploit", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://vulncheck.com/advisories/gfi-kerio-control-auth-bypass-rce", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper authentication. The /proxy handler on port 7996 allows arbitrary forwarding to administrative endpoints\u00a0when provided with an Appliance UUID, which itself can be retrieved from port 7995. This results in a complete authentication bypass, permitting access to sensitive administrative APIs."}, {"lang": "es", "value": "Una vulnerabilidad de falta de autenticaci\u00f3n en el componente GFIAgent de GFI Kerio Control 9.4.5 permite a atacantes remotos no autenticados realizar operaciones privilegiadas. El servicio GFIAgent, responsable de la integraci\u00f3n con GFI AppManager, expone servicios HTTP en los puertos 7995 y 7996 sin la autenticaci\u00f3n adecuada. El controlador /proxy del puerto 7996 permite el reenv\u00edo arbitrario a endpoints administrativos cuando se le proporciona un UUID de dispositivo, que a su vez puede obtenerse del puerto 7995. Esto resulta en una omisi\u00f3n completa de la autenticaci\u00f3n, lo que permite el acceso a API administrativas confidenciales."}], "lastModified": "2025-09-17T13:56:58.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gfi:kerio_control:9.4.5:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4466D8DD-63A6-4BE1-B9CB-3C7529D8AC2C"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}