CVE-2024-52875

HIGH EXPLOITED NUCLEI

GFI Kerio Control < 9.4.5 - XSS

Title source: rule

Description

An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response. This can be exploited to perform Open Redirect or HTTP Response Splitting attacks, which in turn lead to Reflected Cross-Site Scripting (XSS). Remote command execution can be achieved by leveraging the upgrade feature in the admin interface.

Nuclei Templates (1)

Kerio Control v9.2.5 - CRLF Injection

HIGHVERIFIEDby ritikchaddha,iamnoooob,rootxharsh,pdresearch

Shodan: Kerio Control

FOFA: Kerio Control

References (2)

[Exploit, Third Party Advisory] https://karmainsecurity.com/hacking-kerio-control-via-cve-2024-52875

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2024/Dec/15

Scores

CVSS v3 8.8

EPSS 0.7857

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2025-01-08

Classification

CWE

CWE-113

Status published

Affected Products (1)

gfi/kerio_control < 9.4.5

Timeline

Published Jan 31, 2025

Tracked Since Feb 18, 2026