Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. High-Severity Vulnerability in GFI KerioControl Firewalls
Alerts

High-Severity Vulnerability in GFI KerioControl Firewalls

11 February 2025

GFI Software has released security updates addressing a vulnerability (CVE-2024-52875) in GFI KerioControl firewall instances. This vulnerability is reportedly being actively exploited and the Proof of Concept exploit is publicly available.

Successful exploitation of the remote code execution vulnerability could allow attackers to inject malicious JavaScript code resulting in arbitrary code execution within the vulnerable application. 

The vulnerability affects GFI KerioControl network security software versions 9.2.5 through 9.4.5. 

Users and administrators of affected products are advised to update to the latest versions immediately.

More information is available here:

https://www.broadcom.com/support/security-center/protection-bulletin/cve-2024-52875-keriocontrol-crlf-injection-vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-52875

https://karmainsecurity.com/hacking-kerio-control-via-cve-2024-52875

https://www.bleepingcomputer.com/news/security/over-12-000-keriocontrol-firewalls-exposed-to-exploited-rce-flaw/?fbclid=IwZXh0bgNhZW0CMTEAAR1-tHb7zrc6_rwYCL2Lv98XAUG5l_qHBAqQVmFN7h430LcvB00ayK6HD8s_aem__Jub7ykvw81T7mD3Z5uCxA

Back to top