CVE-2025-2977: GFI KerioConnect PDF File cross site scripting
First published: Mon Mar 31 2025(Updated: )
A vulnerability was found in GFI KerioConnect 10.0.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GFI KerioConnect |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2977?
CVE-2025-2977 has been declared as problematic due to the potential for cross-site scripting attacks.
How do I fix CVE-2025-2977?
To fix CVE-2025-2977, update GFI KerioConnect to the latest version that addresses this vulnerability.
What type of attack does CVE-2025-2977 enable?
CVE-2025-2977 enables remote cross-site scripting (XSS) attacks.
Which component is affected by CVE-2025-2977?
CVE-2025-2977 affects the PDF File Handler component of GFI KerioConnect.
Can CVE-2025-2977 be exploited remotely?
Yes, CVE-2025-2977 can be exploited remotely by attackers.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/type
- agent/title
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/severity
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/gfi
- canonical/gfi kerioconnect