CVE-2025-34071CRITICAL 9.8EPSS p48.3%

CVE-2025-34071CVE-2025-34071

Description

A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts within the upgrade.sh or disk image components. These modified upgrade images are not validated for authenticity or integrity, and are executed by the system post-upload, enabling root access.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.70% probability of exploitation · percentile 48.3% · 2026-06-19T12:03:05Z
Published2025-07-02
Last modified2025-09-17

Underlying weaknesses· 1

CWE-306

References

  1. https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/
  2. https://vulncheck.com/advisories/gfi-kerio-control-auth-bypass-rce

1

TypeTargetConfidenceTier
WeaknessMissing Authentication for Critical Functioncwe-3060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-34069
CVE
CVE-2025-34070
CVE
CVE-2025-0592
CVE
CVE-2025-48469
CVE
CVE-2025-63409
CVE
CVE-2025-64093
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.