Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

KerioControl Firewalls Exposed to RCE

February 11, 2025
Reading Time: 2 mins read
in Alerts
Apple Patches Exploited USB Mode Flaw

Over 12,000 instances of the GFI KerioControl firewall are currently exposed to a critical vulnerability, CVE-2024-52875, which enables remote code execution (RCE). KerioControl is widely used by small and medium-sized businesses for network security tasks such as VPNs, traffic filtering, and intrusion prevention. The flaw was discovered by security researcher Egidio Romano in mid-December and was demonstrated to be easily exploitable, enabling attackers to carry out dangerous 1-click RCE attacks. GFI Software responded by releasing a security update in December 2024, but many vulnerable instances remained exposed weeks later.

According to a report by Censys, more than 23,800 instances of the firewall remained unpatched three weeks after the update was released. A subsequent analysis from Greynoise found that there were active exploitation attempts leveraging Romano’s proof-of-concept (PoC) exploit, which targeted the theft of admin CSRF tokens. This exploitation is not limited to skilled attackers, as the low requirements for executing the attack make it possible for even unskilled hackers to participate. The vulnerability allows attackers to manipulate the “dest” GET parameter on certain pages, leading to HTTP Response Splitting attacks and potential XSS attacks.

The vulnerability stems from improper sanitization of user input in the “dest” GET parameter, which can be exploited to manipulate HTTP headers. Specifically, the application fails to properly filter or remove linefeed characters, allowing attackers to inject malicious content into HTTP responses. This can lead to Reflected Cross-Site Scripting (XSS) attacks, which can then be abused to trigger remote code execution.

The vulnerability puts thousands of firewalls at risk, as it allows attackers to execute arbitrary code remotely, stealing credentials and potentially compromising entire systems.

As of the latest reports from The Shadowserver Foundation, 12,229 exposed firewalls remain vulnerable to exploitation. Most of these instances are located in countries including Iran, the United States, Italy, and Russia. GFI Software released an additional security patch, version 9.4.5 Patch 2, on January 31, 2025, which contains further security enhancements to address the issue. Users who have not yet updated their systems are strongly encouraged to install the latest patch to prevent potential attacks and protect their network security.

Reference:
  • Thousands of GFI KerioControl Firewalls Exposed to Remote Code Execution Flaw
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityFebruary 2025
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial