Authentication Bypass Vulnerability in GFI Kerio Control by GFI Software
CVE-2025-34069

9.5CRITICAL

Key Information:

Vendor: Gfi Software
Status: Kerio Control
Vendor: CVE Published:; 2 July 2025

🔔 Create Gfi Software Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-34069?

An authentication bypass vulnerability exists in the GFI Kerio Control version 9.4.5 due to an insecure default proxy configuration and inadequate access control in the GFIAgent service. The non-transparent proxy operating on TCP port 3128 can allow unauthenticated requests to be forwarded to internal services, circumventing firewall protections and revealing sensitive endpoints. This vulnerability lets malicious actors access the GFIAgent service on ports 7995 and 7996, potentially gaining the appliance UUID and executing administrative commands through the proxy. The implications of this flaw include unauthorized administrative access to the Kerio Control appliance, highlighting a significant risk for network security.

Affected Version(s)

Kerio Control 9.4.5

References

https://ssd-disclosure.com/ssd-advisory-kerio-control-aut...

third-party-advisorytechnical-descriptionexploit

https://vulncheck.com/advisories/gfi-kerio-control-auth-b...

third-party-advisory

CVSS V4

Score:

9.5

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 2, 2025
👾
Exploit known to exist
Jul 2, 2025
Vulnerability published
Jul 2, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

z3er01 of zeronvll

SSD Secure Disclosure