InfoSecBulletin Cybersecurity for mankind
Over 1,200 firewall instances are vulnerable to a critical remote code execution issue, known as CVE-2024-52875. The vulnerability is found in several unauthenticated web interface paths, including /nonauth/addCertException.cs, /nonauth/guestConfirm.cs, and /nonauth/expiration.cs.
These pages do not adequately sanitize user input from the dest GET parameter, allowing attackers to inject line feed (LF) characters into HTTP responses. This vulnerability can lead to HTTP response splitting attacks, resulting in open redirects and reflected cross-site scripting (XSS).
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
As of February 9, 2025, the Shadowserver Foundation reported 12,229 unpatched KerioControl instances worldwide. A heatmap from Shadowserver shows significant vulnerabilities in North America, Europe, and Asia.
The organization has identified scanning for this vulnerability in its honeypot sensors, showing that threat actors are attempting to exploit it.
The absence of an official warning from the National Vulnerability Database (NVD) makes it harder to address risks. Organizations using these firewalls may not recognize the threat until a breach occurs or they are alerted by third-party security monitors like Shadowserver.
Unpatched KerioControl firewalls are vulnerable to attacks that allow hackers to gain full control. Exploited firewalls can become entry points for larger network intrusions or for launching additional attacks on connected systems.
In mid-December, security researcher Egidio Romano (EgiX) found the flaw that could enable risky 1-click remote code execution (RCE) attacks.
Shadowserver advises organizations to quickly assess their system vulnerabilities, monitor dashboards for alerts, and apply available patches.
KerioControl is a network security suite that small and medium-sized businesses use for VPNs, bandwidth management, reporting and monitoring, traffic filtering, AV protection, and intrusion prevention.
Apple releases update of zero-day vuln exploited in the Wild
