プラットフォーム
other
修正版
10.0.7
CVE-2025-2975 describes a problematic cross-site scripting (XSS) vulnerability discovered in GFI KerioConnect versions 10.0.6. This flaw allows attackers to inject malicious scripts via manipulation of the Settings/Email/Signature/EditHtmlSource component. Affected users should upgrade to version 10.0.7 to mitigate this risk. The vulnerability has been publicly disclosed.
Successful exploitation of CVE-2025-2975 enables an attacker to execute arbitrary JavaScript code within the context of a victim's browser session. This can lead to a variety of malicious outcomes, including session hijacking, phishing attacks, and defacement of the KerioConnect web interface. An attacker could potentially steal sensitive information, such as email credentials or contact details, or redirect users to malicious websites. The impact is amplified if the KerioConnect server is used to manage email for multiple users, as a single successful attack could compromise numerous accounts.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. While the CVSS score is LOW, the ease of exploitation and potential impact warrant immediate attention. No known active campaigns have been reported at this time, but the public availability of the vulnerability makes it a prime target for opportunistic attackers. The vendor's lack of response to the disclosure is concerning.
Organizations utilizing KerioConnect version 10.0.6, particularly those with shared hosting environments or legacy configurations, are at increased risk. Users who frequently modify email signatures through the web interface are also more vulnerable.
disclosure
エクスプロイト状況
EPSS
0.14% (33% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation for CVE-2025-2975 is to upgrade KerioConnect to version 10.0.7 or later, which contains the fix. If immediate upgrading is not possible, consider restricting access to the Settings/Email/Signature/EditHtmlSource component through network firewalls or access control lists. While not a complete solution, input validation and output encoding on the server-side can help reduce the attack surface. Monitor KerioConnect logs for suspicious activity, particularly requests targeting the vulnerable component.
Actualizar KerioConnect a una versión posterior a la 10.0.6 que corrija la vulnerabilidad XSS. Consultar el sitio web del proveedor GFI para obtener la última versión y las instrucciones de actualización. Si no hay una versión disponible, deshabilitar o restringir el acceso a la función 'EditHtmlSource' hasta que se publique una solución.
脆弱性分析と重要アラートをメールでお届けします。
CVE-2025-2975 is a cross-site scripting vulnerability in KerioConnect versions 10.0.6, allowing attackers to inject malicious scripts via the email signature editor. It has a LOW severity rating.
If you are running KerioConnect version 10.0.6, you are potentially affected by this vulnerability. Upgrade to 10.0.7 to resolve the issue.
The recommended fix is to upgrade KerioConnect to version 10.0.7 or later. As a temporary workaround, restrict access to the vulnerable component.
While no active campaigns have been confirmed, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Refer to the KerioConnect website for the official advisory and release notes for version 10.0.7.
依存関係ファイルをアップロードすれば、このCVEや他のCVEがあなたに影響するか即座にわかります。