PT-2025-27628 · Gfi · Gfi Kerio Control

Z3Er01 · Published 2025-02-24 · Updated 2025-07-03 · CVE-2025-34070

CVSS v4.0: 10 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: GFI Kerio Control version 9.4.5
Description: A missing-authentication vulnerability in the GFIAgent component allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service exposes HTTP services on ports 7995 and 7996 without proper authentication. An attacker first retrieves the Appliance UUID from the service on port 7995, then supplies it to the "/proxy" handler on port 7996, which forwards the request to administrative endpoints without checking the caller's identity. The result is a complete authentication bypass that grants access to sensitive administrative APIs; no credentials, user interaction or special network position are required, which is what the CVSS vector (AV:N/PR:N/UI:N) reflects.
Recommendations: For GFI Kerio Control version 9.4.5, disable the GFIAgent service where the deployment allows it, or restrict network access to TCP ports 7995 and 7996 to trusted management hosts until a patch is available. The page's suggested workaround of avoiding the /proxy handler on port 7996 should be read with the caveat that not using the handler yourself does not remove the exposure, because it is the attacker who invokes it; network-level restriction (and monitoring of any access to those two ports from outside the management network) is the effective interim control. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
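Because no fix is known, the practical check for an operator is whether anyone outside the management network is touching ports 7995 and 7996, and in particular whether the two-step sequence described above (a read on 7995 followed shortly by a /proxy call on 7996 from the same source) appears in the logs. The following is an added example, not GFI's code and not part of this advisory: a small triage routine that runs over constructed log lines. The log line format, the field names, the management allowlist (10.0.0.0/8) and the five-minute correlation window are all assumptions; adapt them to the firewall or reverse-proxy logs actually available in front of the appliance.

```python
"""Triage firewall/HTTP access logs for unauthenticated use of the GFIAgent
ports (7995: Appliance UUID disclosure, 7996: /proxy handler).

Added example; the log format and the management allowlist are assumptions."""
import ipaddress
import re
from datetime import datetime, timedelta

# Assumed allowlist of networks that are allowed to reach the GFIAgent ports.
MANAGEMENT_NETS = [ipaddress.ip_network("10.0.0.0/8")]

UUID_PORT = 7995   # GFIAgent service from which the Appliance UUID is read
PROXY_PORT = 7996  # GFIAgent service carrying the /proxy handler

# Constructed sample log lines (the layout is an assumption, not Kerio's own).
SAMPLE_LOG = """\
2025-02-24T10:00:01Z src=10.1.2.3 dst_port=7995 method=GET path=/ status=200
2025-02-24T10:00:05Z src=203.0.113.7 dst_port=7995 method=GET path=/ status=200
2025-02-24T10:00:06Z src=203.0.113.7 dst_port=7996 method=POST path=/proxy status=200
2025-02-24T10:05:00Z src=198.51.100.9 dst_port=7996 method=GET path=/proxy status=200
2025-02-24T10:09:00Z src=10.1.2.3 dst_port=7996 method=GET path=/proxy status=200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst_port=(?P<port>\d+) "
    r"method=(?P<method>\S+) path=(?P<path>\S+) status=(?P<status>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "src": ipaddress.ip_address(d["src"]),
        "port": int(d["port"]),
        "method": d["method"],
        "path": d["path"],
        "status": int(d["status"]),
    }


def is_management(ip):
    """True if the source address falls inside the assumed management allowlist."""
    if isinstance(ip, str):
        ip = ipaddress.ip_address(ip)
    return any(ip in net for net in MANAGEMENT_NETS)


def triage(log_text, window=timedelta(minutes=5)):
    """Return findings for every /proxy call on port 7996.

    A call from outside the allowlist is rated high; if the same source read
    port 7995 within `window` beforehand, the finding records the full
    UUID-then-proxy chain. Calls from management hosts are kept for review,
    since the handler itself performs no authentication."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    last_uuid_read = {}  # src -> timestamp of the most recent port-7995 request
    findings = []
    for e in events:
        if e["port"] == UUID_PORT:
            last_uuid_read[e["src"]] = e["ts"]
            continue
        if e["port"] == PROXY_PORT and e["path"].startswith("/proxy"):
            prior = last_uuid_read.get(e["src"])
            chained = prior is not None and e["ts"] - prior <= window
            if not is_management(e["src"]):
                kind = "untrusted_uuid_then_proxy" if chained else "untrusted_proxy_call"
                severity = "high"
            else:
                kind = "management_proxy_call"
                severity = "review"
            findings.append({
                "src": str(e["src"]),
                "ts": e["ts"].isoformat(),
                "kind": kind,
                "severity": severity,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['kind']:27} {f['src']} at {f['ts']}")
```

On the constructed sample, 203.0.113.7 is reported as the full chain (7995 read followed one second later by a /proxy call), 198.51.100.9 as a bare untrusted /proxy call, and the management host 10.1.2.3 as a review item. Any "high" finding means the interim network restriction recommended above is not in place.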

Exploit

Weakness Enumeration: Missing Authentication

Related Identifiers: BDU:2025-07977, CVE-2025-34070

Affected Products: Gfi Kerio Control