CVE-2025-34071

Name of the Vulnerable Software and Affected Versions: GFI Kerio Control version 9.4.5

Description: A remote code execution issue allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts within the upgrade.sh or disk image components. These modified upgrade images are not validated for authenticity or integrity and are executed by the system post-upload, enabling root access.

Recommendations: For GFI Kerio Control version 9.4.5, consider disabling the firmware upgrade feature until a patch is available to prevent the upload and execution of arbitrary code. Restrict access to the system upgrade mechanism to minimize the risk of exploitation. Avoid using unsigned .img files in the firmware upgrade feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.