CVE-2025-34069 — CRITICAL (9.8)

Vulnerability Description

An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services such as GFIAgent, bypassing firewall restrictions and exposing internal management endpoints. This enables unauthenticated attackers to access the GFIAgent service on ports 7995 and 7996, retrieve the appliance UUID, and issue administrative requests via the proxy. Exploitation results in full administrative access to the Kerio Control appliance.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gfi	Kerio Control	9.4.5

Related Weaknesses (CWE)

CWE-306

References

https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-ExploitThird Party Advisory
https://vulncheck.com/advisories/gfi-kerio-control-auth-bypass-rceThird Party Advisory

FAQ

What is CVE-2025-34069?

CVE-2025-34069 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP p...

How severe is CVE-2025-34069?

CVE-2025-34069 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-34069?

Check the references section above for vendor advisories and patch information. Affected products include: Gfi Kerio Control.