Security News > 2025 > January > Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens

Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens

2025-01-08 18:55

Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. [...]

News URL

https://www.bleepingcomputer.com/news/security/hackers-exploit-keriocontrol-firewall-flaw-to-steal-admin-csrf-tokens/

#csrf #exploit #firewall #hacker #token #CVE-2024-52875

Related news

SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
Hackers exploit critical unpatched flaw in Zyxel CPE devices (source)
Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (source)
North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack (source)
SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
Hackers exploit authentication bypass in Palo Alto Networks PAN-OS (source)
Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-31	CVE-2024-52875	An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5.	0.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.