CVE-2025-34069 – Kerio Control Authentication Bypass through Insecure Proxy Configuration

July 2, 2025

CVE ID : CVE-2025-34069

Published : July 2, 2025, 2:15 p.m. | 1 hour, 1 minute ago

Description : An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services such as GFIAgent, bypassing firewall restrictions and exposing internal management endpoints. This enables unauthenticated attackers to access the GFIAgent service on ports 7995 and 7996, retrieve the appliance UUID, and issue administrative requests via the proxy. Exploitation results in full administrative access to the Kerio Control appliance.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-34070 – GFI Kerio Control GFIAgent Authentication Bypass

Next Article CVE-2025-34067 – Hikvision Integrated Security Management Platform Fastjson Remote Command Execution

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-34069 – Kerio Control Authentication Bypass through Insecure Proxy Configuration

Critical Lucee Flaw (CVE-2025-34074, CVSS 9.4): Authenticated RCE Via Scheduled Task Abuse, Metasploit Module Out

Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours

Design Isn’t Dead.

“Please save this IP” — Blizzard teases new Diablo 2 content as the game turns 25, and fans are clearly hungry for it

CVE-2025-27578 – Pixmeo OsiriX MD Denial-of-Service Use-After-Free Vulnerability

CVE-2024-42190 – HCL Traveler for Microsoft Outlook DLL Hijacking Vulnerability

How to Fix Windows Update Error 0xXXXXXXXXX on Windows PC (Step-by-Step Guide)

Last Week in AI #308 – The Leaderboard Illusion, ChatGPT Glazing, Qwen 3, Ernie X1

CVE-2025-49029 – Bitto Kazi Custom Login And Signup Widget Code Injection Vulnerability

CVE-2025-6095 – Jasmin Ransomware SQL Injection Vulnerability

CVE-2025-34069 – Kerio Control Authentication Bypass through Insecure Proxy Configuration

Related Posts