Security News > 2025 > January > Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection
2025-01-09 09:35
Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875, refers to a carriage return line feed (CRLF) injection attack, paving the way for HTTP response splitting, which could then
News URL
https://thehackernews.com/2025/01/critical-rce-flaw-in-gfi-keriocontrol.html
Related news
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)
- Critical flaws in Mongoose library expose MongoDB to data thieves, code execution (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- WordPress security plugin WP Ghost vulnerable to remote code execution bug (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-31 | CVE-2024-52875 | An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. | 0.0 |