PT-2025-13652 · Gfi · Gfi Kerioconnect

Published: 2025-03-30 · Updated: 2025-11-04 · CVE-2025-2976

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

GFI KerioConnect version 10.0.6

Description

A vulnerability was found in the File Upload component that can lead to cross-site scripting. The attack can be launched remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations

To prevent cross-site scripting attacks against GFI KerioConnect version 10.0.6, consider disabling the File Upload feature until a patch is available. Restrict access to the File Upload component to minimize the risk of exploitation.

Exploit

Fix

XSS

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-2976

Affected Products

Gfi Kerioconnect