Open Redirect
CVE-2024-52875
HIGH
Severity by source
CVSS 3.1 vector (NVD, the only rating source for this CVE): CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (base score 8.8, High). The vector encodes the practical picture: network-reachable, no authentication, but a victim must follow a crafted link (UI:R).

Description (CVE.org)
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response. This can be exploited to perform Open Redirect or HTTP Response Splitting attacks, which in turn lead to Reflected Cross-Site Scripting (XSS). Remote command execution can be achieved by leveraging the upgrade feature in the admin interface.
Analysis (AI-generated)
GFI Kerio Control versions 9.2.5 through 9.4.5 contain an HTTP response splitting vulnerability in the dest parameter of three unauthenticated pages under /nonauth/. The unsanitized parameter is written into the Location header of a 302 redirect, so an attacker can supply a foreign URL (open redirect) or a CR LF sequence that terminates the header and appends arbitrary headers and a body (response splitting). The injected body yields reflected XSS in the origin of the appliance's web interface; run in the browser of a logged-in administrator, that script can drive the admin interface, and the CVE description names the upgrade feature as the path from there to remote command execution.
Technical Context (AI-generated)
The dest GET parameter on the /nonauth/addCertException.cs, /nonauth/guestConfirm.cs, and /nonauth/expiration.cs pages is copied into a Location HTTP header without sanitization. Because the value lands in a header rather than in HTML, the attacker is not limited to choosing the redirect target: a CR LF sequence ends the Location line, further CR LF-separated lines become additional response headers (for example a Content-Type of text/html), and an empty line followed by HTML becomes the response body. The browser then renders attacker-controlled HTML in the appliance's origin, which is reflected XSS. Since the affected pages require no login, the only precondition is that a victim with an admin session follows the crafted link; the script can then read the session cookie if it is not HttpOnly, or more directly issue requests to the admin interface on the victim's behalf.
Remediation (AI-generated)
Update Kerio Control to a build that contains GFI's fix (shipped in 9.4.5 Patch 1; later builds include it). Until the update is applied, keep the appliance's web interface off the public internet and restrict admin interface access to trusted addresses: the vulnerable pages are under /nonauth/ and need no login, so network exposure alone makes the injection reachable. Browser security headers (Content-Security-Policy, X-Content-Type-Options) are of limited value against this class of bug, because response splitting lets the attacker append their own headers and body after the Location line; the durable fix is server-side validation of dest as a same-site relative path, rejecting any value containing CR, LF or other control characters, or a scheme or host. Administrators should avoid following untrusted links to the management interface from a browser that holds an admin session.