Summary: Hackers are exploiting CVE-2024-52875, a critical CRLF injection vulnerability in GFI KerioControl, allowing for 1-click remote code execution (RCE) attacks. The vulnerability affects versions 9.2.5 to 9.4.5 and has been actively targeted by malicious actors.
Threat Actor: Unknown
Victim: GFI Software
Key Points:
- Exploitation of CVE-2024-52875 allows attackers to manipulate HTTP headers and execute malicious JavaScript in victims' browsers.
- Active exploitation attempts have been detected from multiple IP addresses, indicating a coordinated attack.
- GFI Software has released a patch for the vulnerability, urging users to apply it immediately to mitigate risks.
- Recommended mitigations include restricting access to the web management interface and monitoring for exploitation attempts.
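
One way to monitor for CRLF injection attempts is to scan web access logs for request targets that decode to a raw carriage return or line feed, including multiply percent-encoded forms. The following is an added example, not code from this page or from GFI; the combined log format, the request paths, and the IP addresses are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # catches double/triple percent-encoding such as %250d%250a


def crlf_decode_depth(target: str) -> int:
    """Return the decoding round (1-based) at which a raw CR or LF appears
    in the request target, or 0 if none appears within MAX_DECODE_ROUNDS."""
    current = target
    for depth in range(1, MAX_DECODE_ROUNDS + 1):
        decoded = unquote(current)
        if "\r" in decoded or "\n" in decoded:
            return depth
        if decoded == current:  # nothing left to decode
            return 0
        current = decoded
    return 0


def find_crlf_attempts(log_lines):
    """Return (client_ip, request_target, depth) for each suspicious request."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not an access-log entry in the assumed format
        depth = crlf_decode_depth(match["target"])
        if depth:
            hits.append((match["ip"], match["target"], depth))
    return hits


# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /login?next=%2Fhome HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /example/redirect?target=x%0d%0aX-Injected:%20test HTTP/1.1" 302 0',
    '203.0.113.4 - - [01/Jan/2025:10:00:09 +0000] "GET /example/redirect?target=x%250D%250AX-Injected:%2520test HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, target, depth in find_crlf_attempts(SAMPLE_LOG):
        print(f"{ip} decode-depth={depth} {target}")
```

A decode depth above 1 means the CR/LF was hidden behind repeated encoding, which ordinary clients rarely produce and is worth prioritizing in triage.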