CVE-2025-34070
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-02

Last updated on: 2025-09-17

Assigner: VulnCheck

Description
A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper authentication. The /proxy handler on port 7996 allows arbitrary forwarding to administrative endpointsΒ when provided with an Appliance UUID, which itself can be retrieved from port 7995. This results in a complete authentication bypass, permitting access to sensitive administrative APIs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-02
Last Modified
2025-09-17
Generated
2026-05-07
AI Q&A
2025-07-02
EPSS Evaluated
2026-05-05
NVD
CVE-2025-34070
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gfi kerio_control 9.4.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a missing authentication issue in the GFIAgent component of GFI Kerio Control 9.4.5. It allows unauthenticated remote attackers to perform privileged operations by bypassing authentication. The GFIAgent service exposes HTTP services on ports 7995 and 7996 without proper authentication. Attackers can retrieve an Appliance UUID from port 7995 and use the /proxy handler on port 7996 to forward requests arbitrarily to administrative endpoints, gaining full access to sensitive administrative APIs.


How can this vulnerability impact me? :

This vulnerability can have a severe impact as it allows unauthenticated remote attackers to bypass authentication and perform privileged operations on the affected system. This means attackers can access sensitive administrative APIs, potentially leading to unauthorized control, data exposure, or manipulation of the system.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by scanning your network for open HTTP services on ports 7995 and 7996, which are used by the GFIAgent component. Specifically, check if the /proxy handler on port 7996 is accessible without authentication and if the Appliance UUID can be retrieved from port 7995. For example, use commands like: 1) curl http://<target-ip>:7995/ to attempt to retrieve the Appliance UUID, and 2) curl http://<target-ip>:7996/proxy with the Appliance UUID to test if arbitrary forwarding to administrative endpoints is possible without authentication.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to ports 7995 and 7996 to trusted networks only, such as by firewall rules or network segmentation, to prevent unauthenticated remote access. Additionally, disable or restrict the GFIAgent service if it is not required, and apply any available patches or updates from the vendor addressing this authentication bypass vulnerability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart