← voltar
CVE-2025-34071

GFI Kerio Control Unsigned System Image Upload Root Code Execution

CVSS 9.4 CRITICALEPSS 0.7%CWE-306
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.4EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
02 jul 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts within the upgrade.sh or disk image components. These modified upgrade images are not validated for authenticity or integrity, and are executed by the system post-upload, enabling root access.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Produtos afetados
GFI Software · Kerio Control

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/https://vulncheck.com/advisories/gfi-kerio-control-auth-bypass-rce