While unpatched instances were reduced to half within a month, a huge number of them remain vulnerable even as attackers exploit the flaw in the wild for critical RCE attacks.
Businesses around the globe are running over 12,000 vulnerable instances of GFI KerioControl, a unified threat management (UTM) firewall product designed for small and mid-sized enterprises. The number of unpatched instances remained high weeks after patches were issued for a critical RCE bug.

Tracked as CVE-2024-52875, the vulnerability is an improper input sanitization error by the application when handling HTTP requests, allowing attackers to perform HTTP response splitting and reflected XSS attacks for code execution and full system takeover.

In a report published on Monday, The Shadowserver Foundation said they found 12,229 unpatched instances as of Feb 9, 2025. “We are also seeing CVE-2024-52875 related scan activity in our honeypot sensors,” the cybersecurity non-profit said in a statement.

The flaw has already attracted adversary interest: in early January, GreyNoise observed several N-day exploitation attempts that used it to steal admin CSRF credentials.


Patching is underway, but not fast enough

Since the bug was publicly disclosed on December 16, 2024, and a patch was made available on December 19, cybersecurity firms and individual threat hunters have been tracking and reporting on its patching status owing to its potential for critical system compromise.

According to a Censys advisory published on January 7, there were 23,862 unpatched KerioControl instances at the time the report was published, with 17% of them located in Iran alone.

Karma(In)Security, the blog of security researcher Egidio Romano, reported in January that Romano had informed GFI Software about the flaw and had supplied a proof-of-concept (PoC) exploit, the same one that GreyNoise later reported was being used by attackers in real-world exploitation.


Source : https://www.csoonline.com/article/3821872/over-12000-keriocontrol-firewalls-remain-prone-to-rce-attack-amid-active-exploits.html