CVERadar

CVE-2024-52875

High Severity
SVRS: 40/100
CVSSv3: 8.8/10
EPSS: 0.6296/1

CVE-2024-52875: Vulnerability in GFI Kerio Control allows for Open Redirect and HTTP Response Splitting attacks. This can lead to Reflected Cross-Site Scripting (XSS) and potentially remote command execution. The vulnerability exists because the 'dest' GET parameter in several pages is not properly sanitized, allowing malicious users to manipulate the Location HTTP header.

While the CVSS score is 8.8, the SOCRadar Vulnerability Risk Score (SVRS) of 40 suggests a moderate level of risk, lower than what the CVSS score indicates. The presence of the "In The Wild" tag emphasizes the urgency for patching, as this vulnerability is actively being exploited. The primary risk is unauthorized access and control over user sessions. Affected organizations should immediately apply the available patch to prevent exploitation. This CVE is significant because successful exploitation can compromise the security and integrity of the GFI Kerio Control system.
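
The unsanitized 'dest' parameter described above calls for two defensive checks, shown here as an added example (not GFI's code and not part of the original page): validating a redirect target before it reaches the Location header, and flagging logged requests whose dest value decodes to CR/LF. The log format, the /example/page path and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# CR, LF and every other ASCII control character
_CTL = re.compile(r"[\x00-\x1f\x7f]")

def safe_redirect_target(dest, fallback="/"):
    """Return a same-site path that is safe to place in a Location header."""
    if not dest or _CTL.search(dest):
        return fallback  # CWE-113: never let CR/LF reach a response header
    if not dest.startswith("/") or dest.startswith("//") or "\\" in dest:
        return fallback  # open redirect: absolute, scheme-relative or backslash form
    return dest

def dest_has_control_chars(request_target):
    """True if any 'dest' query value decodes to contain control characters."""
    query = request_target.partition("?")[2]
    for value in parse_qs(query, keep_blank_values=True).get("dest", []):
        # parse_qs decodes once; decode again to catch double encoding
        if _CTL.search(value) or _CTL.search(unquote(value)):
            return True
    return False

# Constructed log lines; the path is a placeholder, not a real Kerio Control page.
SAMPLE_LOG = [
    '192.0.2.10 "GET /example/page?dest=/dashboard HTTP/1.1" 302',
    '198.51.100.7 "GET /example/page?dest=%0d%0aX-Test:%201 HTTP/1.1" 302',
    '198.51.100.7 "GET /example/page?dest=%250d%250aX-Test:%201 HTTP/1.1" 302',
    '203.0.113.5 "GET /example/page?dest=//other.example/ HTTP/1.1" 302',
]

def flag_requests(lines):
    """Return the log lines whose request carries CR/LF in 'dest'."""
    flagged = []
    for line in lines:
        target = line.split('"')[1].split(" ")[1]  # METHOD TARGET PROTOCOL
        if dest_has_control_chars(target):
            flagged.append(line)
    return flagged

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print("suspicious:", hit)
```

The fourth sample line carries no control characters, so the log check does not flag it; `safe_redirect_target` is what rejects that scheme-relative form.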

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2025-01-31

2025-02-12
SOCRadar AI Insight

Description

CVE-2024-52875 is a vulnerability with a limited description available currently. While the CVSS score is 0, indicating a lack of publicly available information on its severity, the SOCRadar Vulnerability Risk Score (SVRS) assigns it a score of 30. This score suggests that the vulnerability poses a moderate risk and warrants investigation and potential action.

Key Insights

  • Limited Information: Despite the lack of a detailed description, the "In The Wild" tag attached to CVE-2024-52875 indicates that this vulnerability is actively being exploited by hackers.
  • Unknown Severity: The CVSS score of 0 suggests a lack of understanding of the potential impact of this vulnerability. However, the SVRS score of 30 suggests that the vulnerability is significant enough to warrant attention and investigation.
  • Active Exploitation: The "In The Wild" tag signifies a high risk as threat actors are actively using this vulnerability to compromise systems and networks.
  • Proactive Approach: The lack of detailed information emphasizes the need for a proactive approach to cybersecurity.

Mitigation Strategies

  • Immediate Patching: Prioritize patching systems to address this vulnerability. This is a crucial step in reducing risk, especially given that the vulnerability is being exploited in the wild.
  • Network Segmentation: Implement network segmentation to limit the impact of potential breaches. This can help to prevent attackers from spreading across your network if they gain access to one system.
  • Intrusion Detection Systems (IDS): Utilize intrusion detection systems to proactively identify malicious activity. This can help detect exploits targeting CVE-2024-52875 and alert you to potential attacks.
  • Security Awareness Training: Educate users about the potential risks associated with this vulnerability and encourage them to report suspicious activities. This helps build a more robust security posture.

Additional Information

For further information on CVE-2024-52875 and potential actions to mitigate it, please consult the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Daily summary - 11.02.2025
CERT.at, 2025-04-01
End-of-Day report. Timeframe: Monday 10-02-2025 18:00 - Tuesday 11-02-2025 18:00. Handler: Alexander Riepl. Co-Handler: n/a. News: Over 12,000 KerioControl firewalls exposed to exploited RCE flaw. Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. https://www.bleepingcomputer.com/news/security/over-12-000-keriocontrol-firewalls-exposed-to-exploited-rce-flaw/ US sanctions LockBit
cert.at
Over 12,000 KerioControl Firewalls Vulnerable to RCE Exploits
vpnMentor, 2025-02-15
Thousands of GFI KerioControl firewall devices have remained vulnerable to a critical remote code execution (RCE) flaw, CVE-2024-52875, despite security patches being made available since December 2024. The flaw allows attackers to exploit improper input sanitization in the firewall’s web interface, enabling them to execute malicious code with administrator privileges. Cybersecurity firms tracking the issue...
vpnmentor.com
Over 12,000 KerioControl firewalls exposed to exploited RCE flaw
Bill Toulas, 2025-02-11
Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. [...]
bleepingcomputer.com
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January] - The Hacker News
2025-01-13
News Content: The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay secure. Let’s turn awareness into action and keep one step ahead of the threats. ⚡ Threat of the Week Critical Ivanti Flaw Comes Under Exploitation
google.com
GFI KerioControl vulnerability exploited
Editorial staff, 2025-01-11
Threat actors are exploiting a recent vulnerability in the GFI KerioControl firewall that allows remote code execution (RCE) with just one click. The flaw, identified as CVE-2024-52875, was fixed on December 19 but is already being actively exploited, according to alerts from threat intelligence company GreyNoise. This vulnerability affects […] Source
cisoadvisor.com.br
Kerio Control firewalls are under attack
Editorial staff, 2025-01-09
A vulnerability in the GFI KerioControl firewall that allows remote code execution (RCE) with just one click is being actively exploited by threat actors, warns intelligence company GreyNoise. This critical flaw, identified as CVE-2024-52875, affects versions of the software that had been in use for almost seven years, highlighting its severity and the […] Source
cisoadvisor.com.br

Social Media

🚨 CVE Alert: GFI Kerio Control Remote Code Execution vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-52875 (CVSS v3 8.8/10) GFI Kerio Control Remote Code Execution vulnerability Impact: A successful exploit allows attackers to perform HTTP response https://t.co/zKcXtYd6sh
0
0
0
More than 12,000 GFI KerioControl firewalls remain vulnerable to the critical security flaw CVE-2024-52875, which enables remote code execution (RCE). https://t.co/Tfl2jU08tR
0
0
0
CVE-2024-52875 : Over 12,000 KerioControl firewalls exposed to exploited RCE flaw KerioControl is a network security suite that small and medium-sized businesses use for VPNs. https://t.co/nNhyPHXvBj
0
0
1
Over 12,000 KerioControl firewalls exposed to exploited RCE flaw. Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. https://t.co/Qyzt4ipsRX https://t.co/0rQcd3TFqA
0
0
0
12,000+ KerioControl Firewalls at Risk! A critical RCE flaw (CVE-2024-52875) is under active attack, allowing 1-click exploits ⚠️ Thousands remain vulnerable despite a fix! Upgrade NOW to 9.4.5 Update 2! https://t.co/5uPNYTxWDm #CyberSecurity #RCE #Hacking #ZeroDay #DarkWeb https://t.co/zBMjdkQqrQ
0
0
0
Over 12,000 GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875☝️🤖 #vulnerability #flaw https://t.co/1rrySmLApR https://t.co/aowjZsRahF
0
0
0
GFI #KerioControl just revealed a critical #vulnerability (CVE-2024-52875) that's already being actively exploited in the wild. With this flaw, an attacker can trick your system into uploading malicious firmware—granting them root access to your entire network. Details: https://t.co/zVd3Uyc5oo
0
1
3
A critical cybersecurity vulnerability (CVE-2024-52875) affects GFI KerioControl firewalls in versions 9.2.5 through 9.4.5. This flaw, which can be exploited for remote code execution (RCE), resides in several unauthenticated URI paths of the web interface. 🧉 https://t.co/yD9FIbM2WC
0
0
1
12K+ KerioControl Firewall Instances Vulnerable to 1-Click RCE Exploit https://t.co/s0KOx8HW3V A critical security vulnerability, CVE-2024-52875, has been identified in GFI KerioControl firewalls, affecting versions 9.2.5 through 9.4.5. This flaw, which can be exploited for r…
0
0
0
[CVE-2024-52875]: (CVSS:8.8, Severity: High, More Details: https://t.co/0Cc6kg8xn9) GFI Kerio Control 9.2.5-9.4.5 vulnerable to open redirects/HTTP splitting via unsanitized dest parameter, leading to XSS & potential RCE.
0
0
0

Affected Software

No affected software found for this CVE

References

Reference | Link
AF854A3A-2127-422B-91AE-364DA2661108 | http://seclists.org/fulldisclosure/2024/Dec/15
[email protected] | https://karmainsecurity.com/hacking-kerio-control-via-cve-2024-52875
GITHUB | https://karmainsecurity.com/hacking-kerio-control-via-cve-2024-52875

CWE Details

CWE ID | CWE Name | Description
CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') | The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
