CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-34070

CVSS 10.0v4.0pub. 2025-07-02upd. 2025-09-17

A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper authentication. The /proxy handler on port 7996 allows arbitrary forwarding to administrative endpoints when provided with an Appliance UUID, which itself can be retrieved from port 7995. This results in a complete authentication bypass, permitting access to sensitive administrative APIs.

🤖 AI Analysis
How it works

The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP interfaces on ports 7995 and 7996 without any authentication. Port 7995 reveals the device identifier (Appliance UUID), which can then be passed to the /proxy handler on port 7996. The /proxy handler allows arbitrary request redirection to internal, administrative endpoints, thereby completely bypassing access control mechanisms. As a result, the attacker gains full access to sensitive administrative APIs of the system.

Impact

An attacker without any privileges can remotely execute privileged administrative operations on the device, which combined with the ability to access internal APIs can lead to complete system takeover, including potentially RCE.

Mitigation & patch

Apply patches available from the vendor according to the references. Additionally, it is recommended to restrict network access to ports 7995 and 7996 exclusively to trusted hosts using firewall rules, until the official patch is deployed.

Who is affected

GFI Kerio Control version 9.4.5

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Gfi Kerio Control

    APP
    Gfi
    9.4.5
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-34069CRITICAL9.5PL ✓ten sam produkt

Authentication Bypass w GFI Kerio Control — pełny dostęp admina bez uwierzytelnienia

CVE-2025-34071CRITICAL9.4PL ✓ten sam produkt

RCE w GFI Kerio Control poprzez mechanizm aktualizacji firmware

CVE-2024-52875HIGH8.8ten sam produkt

An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonaut...

CVE-2019-16414MEDIUM6.1ten sam produkt

A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page...

CVE-2026-2038CRITICAL9.8PL ✓ten sam vendor

GFI Archiver MArc.Core — pominięcie autoryzacji (Authentication Bypass)