An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response. This can be exploited to perform Open Redirect or HTTP Response Splitting attacks, which in turn lead to Reflected Cross-Site Scripting (XSS). Remote command execution can be achieved by leveraging the upgrade feature in the admin interface.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 16 Sep 2025 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gfi:kerio_control:*:*:*:*:*:*:*:*

Wed, 12 Feb 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 31 Jan 2025 08:30:00 +0000

Type Values Removed Values Added
References

Fri, 31 Jan 2025 08:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-113
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Fri, 31 Jan 2025 07:45:00 +0000

Type Values Removed Values Added
Description An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response. This can be exploited to perform Open Redirect or HTTP Response Splitting attacks, which in turn lead to Reflected Cross-Site Scripting (XSS). Remote command execution can be achieved by leveraging the upgrade feature in the admin interface.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-02-12T20:41:37.262Z

Reserved: 2024-11-17T00:00:00.000Z

Link: CVE-2024-52875

cve-icon Vulnrichment

Updated: 2025-01-31T08:03:25.716Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-31T08:15:07.827

Modified: 2025-09-16T17:29:19.553

Link: CVE-2024-52875

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-12T23:06:34Z