CVE-2025-34069

Name of the Vulnerable Software and Affected Versions: GFI Kerio Control version 9.4.5

Description: An authentication bypass issue exists due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services, bypassing firewall restrictions and exposing internal management endpoints. This enables unauthenticated attackers to access the GFIAgent service on ports 7995 and 7996, retrieve the appliance UUID, and issue administrative requests via the proxy. Exploitation results in full administrative access to the Kerio Control appliance.

Recommendations: For GFI Kerio Control version 9.4.5, consider disabling the non-transparent proxy on TCP port 3128 as a temporary workaround to prevent exploitation. Restrict access to the GFIAgent service on ports 7995 and 7996 to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.