The Special Communication and Information Security State Service has identified three vulnerabilities in the "GFI KerioConnect" global email system that allow remote exploitation of the user interface and document processing functionalities. These vulnerabilities have been registered under the identifiers CVE-2025-2975, CVE-2025-2976, and CVE-2025-2977.
The discovered vulnerabilities have been officially validated and registered in the National Vulnerability Database (NVD) of the U.S. National Institute of Standards and Technology (nist.gov) under the same identification codes.
The provider of the affected global email service, GFI Software, a software company headquartered in the state of Texas, USA, has been duly informed of the vulnerabilities.
For reference, GFI Software has been operating since 1992 and has offices in the United States, the United Kingdom, Germany, the Czech Republic, and other countries. Its products are used by more than 60,000 organizations and enterprises worldwide.
https://nvd.nist.gov/vuln/detail/CVE-2025-2975
https://nvd.nist.gov/vuln/detail/CVE-2025-2976
https://nvd.nist.gov/vuln/detail/CVE-2025-2977