Security News > 2025 > January > Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens

Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens

2025-01-08 18:55

Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. [...]

News URL

https://www.bleepingcomputer.com/news/security/hackers-exploit-keriocontrol-firewall-flaw-to-steal-admin-csrf-tokens/

#csrf #exploit #firewall #hacker #token #CVE-2024-52875

Related news

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images (source)
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
Case Study: Are CSRF Tokens Sufficient in Preventing CSRF Attacks? (source)
Hackers exploit WordPress plugin auth bypass hours after disclosure (source)
Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices (source)
Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
Hackers ramp up scans for leaked Git tokens and secrets (source)
Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet (source)
Hackers exploit OttoKit WordPress plugin flaw to add admin accounts (source)

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-31	CVE-2024-52875	An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5.	0.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.