CVE-2024-52875
HIGH EXPLOITED NUCLEIGFI Kerio Control 9.2.5-9.4.5 - HTTP Response Splitting via Dest Parameter
Title source: llmExploitation Summary
CVE-2024-52875 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response. This can be exploited to perform Open Redirect or HTTP Response Splitting attacks, which in turn lead to Reflected Cross-Site Scripting (XSS). Remote command execution can be achieved by leveraging the upgrade feature in the admin interface.
Nuclei Templates (1)
Kerio Control v9.2.5 - CRLF Injection
HIGHVERIFIEDby ritikchaddha,iamnoooob,rootxharsh,pdresearch
Shodan:
Kerio Control
FOFA:
Kerio Control
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://karmainsecurity.com/hacking-kerio-control-via-cve-2024-52875
Exploit, Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2024/Dec/15
Scores
CVSS v3
8.8
EPSS
0.2730
EPSS Percentile
97.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
VulnCheck KEV
2025-01-08
CWE
CWE-113
Status
published
Products (1)
gfi/kerio_control
9.2.5 - 9.4.5
Published
Jan 31, 2025
Tracked Since
Feb 18, 2026